Exemplo n.º 1
// Renders the vulnerability-scan job management page: running scans, the table of
// scheduled jobs, and a paginated job list with PREVIOUS/NEXT links.
// $sortby / $sortdir choose the ordering of the schedules query; $viewall is not
// read anywhere in the visible part of this listing.
// NOTE(review): this listing has lost its closing braces, `?>` tags and heredoc
// terminators, so nesting has to be read from the indentation.
function main_page($viewall, $sortby, $sortdir)
    global $uroles, $username, $dbconn, $hosts;
    global $arruser, $user;
    $tz = Util::get_timezone();
    // Default ordering: newest schedule id first.
    if ($sortby == "") {
        $sortby = "id";
    if ($sortdir == "") {
        $sortdir = "DESC";
    // SECURITY: $sortby and $sortdir are interpolated into the ORDER BY clause as-is.
    // Column names and ASC/DESC cannot be bound as query parameters, so both need an
    // allow-list check (known column names; exactly ASC or DESC) before this line.
    // No such check is visible in this function - confirm that the caller does it.
    $sql_order = "order by {$sortby} {$sortdir}";
    // The "New Scan Job" and "Import nbe file" buttons are emitted only when the
    // session holds the EventsVulnerabilitiesScan permission. This only hides the
    // links: sched.php and import_nbe.php have to enforce the same permission on
    // their side (not visible here).
    // NOTE(review): the label is echoed twice for the import button, presumably once
    // for the title attribute and once for the link text; the markup between the two
    // echoes is missing from this listing.
    if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
		<div style="width:50%; position: relative; height: 5px; float:left">
			<div style="width:100%; position: absolute; top: -41px;left:0px;">
    			<div style="float:left; height:28px; margin:5px 5px 0px 0px;">
    				<a class="button" href="<?php 
        echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?smethod=schedule&hosts_alive=1&scan_locally=1', 'environment', 'vulnerabilities', 'scan_jobs');
        echo _("New Scan Job");
    			<div style="float:left;height:28px;margin:5px 5px 0px -2px;">
    				<a class="greybox button av_b_secondary" href="import_nbe.php" title="<?php 
        echo _("Import nbe file");
        echo _("Import nbe file");
    // Page number comes from the query string. intval() forces an integer, so the
    // value is safe to concatenate into the pager links further down. A missing
    // `page` key still raises an undefined-index notice, and negative values are not
    // rejected, which produces a negative offset in the all_jobs() call below.
    if (intval($_GET['page']) != 0) {
        $page = intval($_GET['page']);
    } else {
        $page = 1;
    $pagesize = 10;
    // "admin" counts every job; any other user is meant to count only their own.
    // NOTE(review): the '******' literal looks like a redaction applied by the
    // listing site to an interpolated user name. If the real code concatenates
    // $username into this string, it should be passed as a bound parameter instead.
    if ($username == "admin") {
        $query = "SELECT count(id) as num FROM vuln_jobs";
    } else {
        $query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
    $result = $dbconn->Execute($query);
    $jobCount = $result->fields["num"];
    // ceil() returns a float; the pager compares it loosely (==, !=) with the
    // integer $page.
    $num_pages = ceil($jobCount / $pagesize);
    //echo "num_pages:[".$num_pages."]";
    //echo "jobCount:[".$jobCount."]";
    //echo "page:[".$page."]";
    // Running scans are shown first. With the OMP scanner the HTML comes from
    // Vulnerabilities::get_omp_running_scans(); otherwise all_jobs() is asked for the
    // first ten jobs with filter "R" (presumably "running" - confirm in all_jobs()).
    if (Vulnerabilities::scanner_type() == "omp") {
        // We can display scan status with OMP protocol
        echo Vulnerabilities::get_omp_running_scans($dbconn);
    } else {
        // Nessus
        all_jobs(0, 10, "R");

    // Heading of the schedules table; the gettext string is interpolated into the
    // heredoc that follows.
    $schedulejobs = _("Scheduled Jobs");
    echo <<<EOT

   <table style='margin-top:20px;' class='w100 transparent'><tr><td class='sec_title'>{$schedulejobs}</td></tr></table>
   <table summary="Job Schedules" class='w100 table_list'>
    // Flip the direction so the column-header links request the opposite order.
    // From here on $sortdir is always the literal "ASC" or "DESC"; the raw value
    // had already been copied into $sql_order before this point.
    if ($sortdir == "ASC") {
        $sortdir = "DESC";
    } else {
        $sortdir = "ASC";
    // Column key => header label. The keys are the sortby values offered in the
    // header links.
    $arr = array("name" => "Name", "schedule_type" => "Schedule Type", "time" => "Time", "next_CHECK" => "Next Scan", "enabled" => "Status");
    // modified by hsh to return all scan schedules
    // An empty $arruser lists every schedule; otherwise rows are limited to the
    // user names in $user.
    // SECURITY: $user is spliced into IN (...) without quoting, so it must already
    // be a correctly quoted and escaped SQL list. How it is built is not visible
    // here; binding one placeholder per name would remove that dependency.
    if (empty($arruser)) {
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n              FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
    } else {
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n              FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ({$user}) ";
    // Appends the ORDER BY fragment built from $sortby/$sortdir, which this function
    // has not checked against an allow-list.
    $query .= $sql_order;
    $result = $dbconn->execute($query);
    // No schedules: a single placeholder row. Otherwise: the sortable header row.
    if ($result->EOF) {
        echo "<tr><td class='empty_results' height='20' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
    if (!$result->EOF) {
        echo "<tr>";
        // The links only offer the fixed keys of $arr and the toggled ASC/DESC, so
        // nothing request-controlled is echoed here. That does not limit what a
        // client may send back as sortby/sortdir on the next request.
        foreach ($arr as $order_by => $value) {
            echo "<th><a href=\"manage_jobs.php?sortby={$order_by}&sortdir={$sortdir}\">" . _($value) . "</a></th>";
        // Action column only for users allowed to manage scans.
        // NOTE(review): as listed, the closing </tr> is emitted only inside this
        // branch - check the original for the other path.
        if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<th>" . _("Action") . "</th></tr>";
    // Alternating row backgrounds, indexed by $color % 2. No increment of $color is
    // visible in this listing.
    $colors = array("#FFFFFF", "#EEEEEE");
    $color = 0;
    // One table row per schedule.
    while (!$result->EOF) {
        // Positional unpacking follows the SELECT column order (assumes the recordset
        // exposes numeric keys - confirm the fetch mode). Two things to be aware of:
        // $user is declared global at the top of the function, so this assignment
        // overwrites the value that was used to build the query; and the 11th
        // selected column is t1.email, which lands in $servers and is then passed to
        // Av_sensor::get_name_by_id() as an id.
        list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
        $name = Av_sensor::get_name_by_id($dbconn, $servers);
        $servers = $name != '' ? $name : "unknown";
        // meth_TARGET holds one target per line in the form
        // <32 hex chars>#<address or address/prefix>.
        $targets_to_resolve = explode("\n", $targets);
        $ttargets = array();
        foreach ($targets_to_resolve as $id_ip) {
            // Network form (address/prefix) first, then single host. In both cases
            // the leading id is stripped and the asset name is appended when the id
            // exists in the asset tables. Anything else just has a 32-hex run removed.
            if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d{1,2}/i", $id_ip, $found) && Asset_net::is_in_db($dbconn, $found[1])) {
                $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_net::get_name_by_id($dbconn, $found[1]) . ")";
            } else {
                if (preg_match("/^([a-f\\d]{32})#\\d+\\.\\d+\\.\\d+\\.\\d+/i", $id_ip, $found) && Asset_host::is_in_db($dbconn, $found[1])) {
                    $ttargets[] = preg_replace("/^([a-f\\d]{32})#/i", "", $id_ip) . " (" . Asset_host::get_name_by_id($dbconn, $found[1]) . ")";
                } else {
                    $ttargets[] = preg_replace("/[a-f\\d]{32}/i", "", $id_ip);
        // Joined with <BR/> for the tooltip. The regexes are anchored only at the
        // start, so trailing text in a target line survives, and neither that text
        // nor the asset names are HTML-escaped here.
        $targets = implode("<BR/>", $ttargets);
        // Shift the stored time by the user's timezone offset in whole hours;
        // intval() drops any fractional part of the offset.
        $tz = intval($tz);
        $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($nextscan) + 3600 * $tz);
        // Extract HH:MM:SS. The match result is not checked; the gmdate() format
        // above always has this shape, so $found[1] is expected to be set.
        preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
        $time = $found[1];
        // Map the schedule_type code to a translated label for the table.
        // NOTE(review): the listing shows no `break;` or `default:` lines; they appear
        // to have been lost in extraction. Read literally, every case would fall
        // through to the final "&nbsp;" assignment.
        // The "NW" label carries <sup> markup on purpose and is echoed as HTML.
        switch ($schedtype) {
            case "N":
                $stt = _("Once (Now)");
            case "O":
                $stt = _("Once");
            case "D":
                $stt = _("Daily");
            case "W":
                $stt = _("Weekly");
            case "M":
                $stt = _("Monthly");
            case "Q":
                $stt = _("Quarterly");
            case "H":
                $stt = _("On Hold");
            case "NW":
                $stt = _("N<sup>th</sup> weekday of the month");
                $stt = "&nbsp;";
        // Tooltip, icon and toggle link for the current enabled state. Case "1"
        // offers "disable"; the second group of assignments presumably belonged to a
        // `default:` branch that is missing from this listing.
        // SECURITY: the toggle is a plain GET link with no anti-CSRF token visible in
        // the URL. State changes are better sent as POST with a token that the
        // setstatus handler verifies (handler not shown here).
        switch ($schedstatus) {
            case "1":
                $itext = _("Disable Scheduled Job");
                $isrc = "images/stop_task.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
                $itext = _("Enable Scheduled Job");
                $isrc = "images/play_task.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
        // Users without the scan permission get an inert link. This is presentation
        // only: the setstatus handler must check the permission itself.
        if (!Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            $ilink = "javascript:return false;";
        // Status cell markup.
        // NOTE(review): $txt_enabled is not echoed anywhere in the visible listing.
        if ($schedstatus) {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
        } else {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
        // require_once inside the loop does nothing after the first iteration; it
        // would normally sit at the top of the file.
        require_once 'classes/Security.inc';
        // An owner that passes valid_hex32() is replaced by the entity name looked up
        // for it (presumably a 32-hex entity id rather than a login name).
        if (valid_hex32($user)) {
            $user = Session::get_entity_name($dbconn, $user);
        echo "<tr bgcolor=\"" . $colors[$color % 2] . "\">";
        if ($profile == "") {
            $profile = _("Default");
        // SECURITY: $user, $servers, $profile, $targets and $schedname are database
        // values written into a double-quoted title attribute and into element
        // content without htmlspecialchars(). A job, profile or asset name that
        // contains a quote or markup breaks out of the attribute (stored XSS).
        // The tooltip carries <b>/<br> markup on purpose, so each value has to be
        // escaped on its own before it is concatenated into the string.
        echo "<td><span class=\"tip\" title=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . $targets . "\">{$schedname}</span></td>";
        // NOTE(review): the three values below are echoed bare in this listing; the
        // surrounding <td> markup appears to have been dropped.
        echo $stt;
        echo $time;
        echo $nextscan;
        // Action cell: enable/disable icon first, then edit and delete links for
        // users holding the scan permission.
        // SECURITY: delete is a GET link guarded only by the client-side
        // confirmDelete() prompt, with no anti-CSRF token visible in the URL. The
        // delete handler should require POST plus a verified token and re-check the
        // permission (handler not shown here).
        // $schedid is written into the URLs unescaped - assumes a numeric id;
        // TODO confirm.
        echo <<<EOT
    <td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>&nbsp;
        if (Session::menu_perms("environment-menu", "EventsVulnerabilitiesScan")) {
            echo "<a href='" . Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/sched.php?disp=edit_sched&sched_id=' . $schedid, 'environment', 'vulnerabilities', 'scan_jobs') . "'><img src='images/pencil.png' title='" . _("Edit Scheduled") . "'></a>&nbsp;";
            echo "<a href='manage_jobs.php?disp=delete&amp;schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a>";
        echo "</td>";
        echo <<<EOT
    echo <<<EOT
<br />
    // Second listing: one page of jobs. The offset is ($page - 1) * $pagesize, so a
    // $page below 1 yields a negative offset; clamping $page to 1..$num_pages before
    // this call would avoid that.
    $out = all_jobs(($page - 1) * $pagesize, $pagesize);
<table width="100%" align="center" class="transparent" cellspacing="0" cellpadding="0">
        <td class="nobborder" valign="top" style="padding-top:5px;">
            <div class="fright">
    // The pager is shown only when all_jobs() returned a non-zero value and the page
    // count is not 1. $page went through intval() when it was read from the query
    // string, so concatenating it into the hrefs is safe.
    // NOTE(review): because of the $num_pages != 1 guard, the first branch
    // ($page == 1 && $page == $num_pages) can never be taken.
    if ($out != 0 && $num_pages != 1) {
        $page_url = "manage_jobs.php";
        if ($page == 1 && $page == $num_pages) {
            echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
        } elseif ($page == 1) {
            echo '<a href="" class="link_paginate_disabled" onclick="return false">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>&nbsp;';
        } elseif ($page == $num_pages) {
            echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a>';
            echo '<a class="lmargin link_paginate_disabled" href="" onclick="return false">' . _("NEXT") . ' ></a>';
        } else {
            echo '<a href="' . $page_url . '?page=' . ($page - 1) . '">< ' . _("PREVIOUS") . '</a><a class="lmargin" href="' . $page_url . '?page=' . ($page + 1) . '">' . _("NEXT") . ' ></a>';
Exemplo n.º 2
function main_page($viewall, $sortby, $sortdir)
    global $uroles, $username, $dbconn, $hosts;
    global $arruser, $user;
    $tz = Util::get_timezone();
    if ($sortby == "") {
        $sortby = "id";
    if ($sortdir == "") {
        $sortdir = "DESC";
    /*    if ( $uroles['admin'] ) {
            if($viewall == 1) {
                echo "&nbsp;<a href='manage_jobs.php'>View My Schedules</a>&nbsp;|&nbsp;";
            } else {
                echo "&nbsp;<a href='manage_jobs.php?viewall=1'>View All Schedules</a>&nbsp;|&nbsp;";
        } else {
            $viewall = "1";
    //echo "<a href='sched.php?op=reoccuring'>New Schedule</a>&nbsp;|<br><br>";
    $sql_order = "order by {$sortby} {$sortdir}";
    //    if($viewall == 1) {
    //       $url_sortby="<a href=\"manage_jobs.php?viewall=1&sortby=";
    //    } else {
    //       $url_sortby="<a href=\"manage_jobs.php?sortby=";
    //    }
    echo "<center>";
    status($arruser, $user);
    echo "<br>";
    echo "<form>";
    echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=schedule&hosts_alive=1&scan_locally=1'\" value=\"" . _("New Scan Job") . "\" class=\"button\">";
    echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
    echo "<input type=\"button\" onclick=\"document.location.href='sched.php?smethod=inmediately&hosts_alive=1&scan_locally=1'\" value=\"" . _("Run Scan Now") . "\" class=\"button\">";
    echo "</form>";
    echo "</center>";
    echo "<br>";
    $schedulejobs = _("Scheduled Jobs");
    echo <<<EOT
   <table cellspacing="0" cellpadding="0" border="0" width="90%"><tr><td class="headerpr" style="border:0;">{$schedulejobs}</td></tr></table>
   <table cellspacing="2" width="90%" summary="Job Schedules" 
        border=0 cellspacing="0" cellpadding="0">
    if ($sortdir == "ASC") {
        $sortdir = "DESC";
    } else {
        $sortdir = "ASC";
    $arr = array(_("Name"), _("Schedule Type"), _("Time"), _("Next Scan"), _("Status"));
    // modified by hsh to return all scan schedules
    if (in_array("admin", $arruser)) {
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n              FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id ";
    } else {
        $query = "SELECT t2.name as profile, t1.meth_TARGET, t1.id, t1.name, t1.schedule_type, t1.meth_VSET, t1.meth_TIMEOUT, t1.username, t1.enabled, t1.next_CHECK, t1.email\n              FROM vuln_job_schedule t1 LEFT JOIN vuln_nessus_settings t2 ON t1.meth_VSET=t2.id WHERE username in ('{$user}') ";
    //    if($viewall == 1) { // list all schedules
    //    } else { // view only logged in users schedules
    //       $query .= "where username='******' ";
    //    }
    $query .= $sql_order;
    $result = $dbconn->execute($query);
    if ($result->EOF) {
        echo "<tr><td height='20' class='nobborder' style='text-align:center;'>" . _("No Scheduled Jobs") . "</td></tr>";
    if (!$result->EOF) {
        echo "<tr>";
        foreach ($arr as $value) {
            echo "<th><a href=\"manage_jobs.php?sortby={$value}&sortdir={$sortdir}\">{$value}</a></th>";
        echo "<th>" . _("Action") . "</th></tr>";
    while (!$result->EOF) {
        list($profile, $targets, $schedid, $schedname, $schedtype, $sid, $timeout, $user, $schedstatus, $nextscan, $servers) = $result->fields;
        $tz = intval($tz);
        $nextscan = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $nextscan) + 3600 * $tz);
        preg_match("/\\d+\\-\\d+\\-\\d+\\s(\\d+:\\d+:\\d+)/", $nextscan, $found);
        $time = $found[1];
        switch ($schedtype) {
            case "N":
                $stt = _("Once (Now)");
            case "O":
                $stt = _("Once");
            case "D":
                $stt = _("Daily");
            case "W":
                $stt = _("Weekly");
            case "M":
                $stt = _("Monthly");
            case "Q":
                $stt = _("Quarterly");
            case "H":
                $stt = _("On Hold");
            case "NW":
                $stt = _("N<sup>th</sup> weekday of the month");
                $stt = "&nbsp;";
        switch ($schedstatus) {
            case "1":
                $itext = _("Disable Scheduled Job");
                $isrc = "images/stop2.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=0";
                $itext = _("Enable Scheduled Job");
                $isrc = "images/play.png";
                $ilink = "manage_jobs.php?disp=setstatus&schedid={$schedid}&enabled=1";
        if ($schedstatus) {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"green\">" . _("Enabled") . "</font></a></td>";
        } else {
            $txt_enabled = "<td><a href=\"{$ilink}\"><font color=\"red\">" . _("Disabled") . "</font></a></td>";
        if (preg_match('/^\\d+$/', $user)) {
            list($entities_all, $num_entities) = Acl::get_entities($dbconn, $user);
            $user = $entities_all[$user]['name'];
        echo <<<EOT
        if ($profile == "") {
            $profile = _("Default");
        echo "<td><a style=\"text-decoration:none;\" href=\"javascript:;\" txt=\"<b>" . _("Owner") . ":</b> {$user}<br><b>" . _("Server") . ":</b> {$servers}<br /><b>" . _("Scheduled Job ID") . ":</b> {$schedid}<br><b>" . _("Profile") . ":</b> {$profile}<br><b>" . _("Targets") . ":</b><br>" . tooltip_hosts($targets, $hosts) . "\" class=\"scriptinfo\">{$schedname}</a></td>";
        echo $stt;
        echo $time;
        echo $nextscan;
        echo <<<EOT
    <td style="padding-top:2px;"><a href="{$ilink}"><img alt="{$itext}" src="{$isrc}" border=0 title="{$itext}"></a>&nbsp;
        echo "<a href='sched.php?disp=edit_sched&sched_id={$schedid}&amp;hmenu=Vulnerabilities&amp;smenu=Jobs'><img src='images/pencil.png' title='" . gettext("Edit Scheduled") . "'></a>&nbsp;";
        echo "<a href='manage_jobs.php?disp=delete&amp;schedid={$schedid}' onclick='return confirmDelete();'><img src='images/delete.gif' title='" . gettext("Delete Scheduled") . "'></a></td>";
        echo <<<EOT
    echo <<<EOT
    echo "<br>";
    if ($_GET['page'] != "") {
        $page = $_GET['page'];
    } else {
        $page = 1;
    $pagesize = 10;
    if ($username == "admin") {
        $query = "SELECT count(id) as num FROM vuln_jobs";
    } else {
        $query = "SELECT count(id) as num FROM vuln_jobs where username='******'";
    $result = $dbconn->Execute($query);
    $jobCount = $result->fields["num"];
    $num_pages = ceil($jobCount / $pagesize);
    //echo "num_pages:[".$num_pages."]";
    //echo "jobCount:[".$jobCount."]";
    //echo "page:[".$page."]";
    all_jobs(0, 10, "R");
    // only running jobs
<br />
    $out = all_jobs(($page - 1) * $pagesize, $pagesize);
<table width="90%" align="center" class="transparent">
    <tr><td style="text-align:center;padding-top:5px;" class="nobborder">
        <a href="javascript:;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();" colspan="2"><img src="../pixmaps/arrow_green.gif" align="absmiddle" border="0">
            <span id="message_show"><?php 
    echo _("Show legend");
            <span id="message_hide" style="display:none"><?php 
    echo _("Hide legend");
        <td class="nobborder" valign="top" style="padding-top:5px;">
    if ($out != 0 && $num_pages != 1) {
        if ($page == 1 && $page == $num_pages) {
            echo '<center><< ' . _("First") . ' <' . _(" Previous") . '&nbsp;&nbsp;&nbsp;[' . $page . ' ' . _("of") . ' ' . $num_pages . ']&nbsp;&nbsp;&nbsp;' . _("Next") . ' >&nbsp;' . _("Last") . ' >></center>';
        } elseif ($page == 1) {
            echo '<center><< ' . _("First") . ' < ' . _("Previous") . '&nbsp;&nbsp;&nbsp;[' . $page . ' ' . _("of") . ' ' . $num_pages . ']&nbsp;&nbsp;&nbsp;<a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a>&nbsp;<a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>';
        } elseif ($page == $num_pages) {
            echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a>&nbsp;<a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a>&nbsp;&nbsp;&nbsp;[' . $page . ' ' . _("of") . ' ' . $num_pages . ']&nbsp;&nbsp;&nbsp;' . _("Next") . '>&nbsp;' . _("Last") . ' >></center>';
        } else {
            echo '<center><a href="manage_jobs.php?page=1"><< ' . _("First") . '</a>&nbsp;<a href="manage_jobs.php?page=' . ($page - 1) . '">< ' . _("Previous") . '</a>&nbsp;&nbsp;&nbsp;[' . $page . ' ' . _("of") . ' ' . $num_pages . ']&nbsp;&nbsp;&nbsp;<a href="manage_jobs.php?page=' . ($page + 1) . '">' . _("Next") . ' ></a>&nbsp;<a href="manage_jobs.php?page=' . $num_pages . '">' . _("Last") . ' >></a></center>';
        //echo "<br>";
        <td width="110" class="nobborder">
            <table width="100%" cellpadding="3" cellspacing="3" id="legend" style="display:none;">
                    <th colspan="2" style="padding-right: 3px;">
                        <div style="float: left; width: 60%; text-align: right;padding-top:3px;"><b><?php 
    echo _("Legend");
                        <div style="float: right; width: 18%; padding-top: 2px; padding-bottom: 2px; text-align: right;"><a style="cursor: pointer; text-align: right;" onclick="$('#legend').toggle();$('#message_show').toggle();$('#message_hide').toggle();"><img src="../pixmaps/cross-circle-frame.png" alt="Close" title="Close" align="absmiddle" border="0"></a></div>
                    <td bgcolor="#EFFFF7" style="border:1px solid #999999" width="25%"></td><td class="nobborder"  width="75%" style="text-align:left;padding-left:7px;"><?php 
    echo _("Completed");
                    <td bgcolor="#EFE1E0" style="border:1px solid #999999" width="25%"></td><td class="nobborder"  width="75%" style="text-align:left;padding-left:7px;"><?php 
    echo _("Failed");
                    <td bgcolor="#D1E7EF" style="border:1px solid #999999" width="25%"></td><td class="nobborder"  width="75%" style="text-align:left;padding-left:7px;"><?php 
    echo _("Running");
                    <td bgcolor="#DFF7FF" style="border:1px solid #999999" width="25%"></td><td class="nobborder"  width="75%" style="text-align:left;padding-left:7px;"><?php 
    echo _("Scheduled");
                    <td bgcolor="#FFFFDF" style="border:1px solid #999999" width="25%"></td><td class="nobborder"  width="75%" style="text-align:left;padding-left:7px;"><?php 
    echo _("Timeout");
        <td class="nobborder">&nbsp;