// base_ag_main.php fragment: Event Group (AG) maintenance page. The listing stops inside the
// "browsing button clicked" branch; both blocks left open at the end close beyond this listing.
include "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/includes/base_action.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_ag_common.php";
// Timing object is only created when debug timing is enabled (ternary used as a statement).
$debug_time_mode >= 1 ? $et = new EventTiming($debug_time_mode) : '';
$cs = new CriteriaState("base_ag_main.php");
$cs->ReadState();
$qs = new QueryState();
// Request parameters. ImportHTTPVar() receives a character-class mask (VAR_* flags) per value;
// for "submit" it also receives the list of expected button labels -- presumably an
// allow-list, confirm in ImportHTTPVar().
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$ag_action = ImportHTTPVar("ag_action", VAR_ALPHA | VAR_USCORE);
//$ag_id = ImportHTTPVar("ag_id", VAR_DIGIT);
// ag_id gets the VAR_DIGIT mask and is additionally run through filterSql(); ag_name and
// ag_desc carry no mask at all, so filterSql() is their only filtering in this fragment.
$ag_id = filterSql(ImportHTTPVar("ag_id", VAR_DIGIT));
$ag_name = filterSql(ImportHTTPVar("ag_name"));
$ag_desc = filterSql(ImportHTTPVar("ag_desc"));
// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    // NOTE(review): nothing stops execution after the redirect header; unless base_header()
    // terminates the script, the DB connection and the AG actions below still run for a
    // user who failed the role check -- confirm base_header() exits.
    base_header("Location: " . $BASE_urlpath . "/index.php");
}
$page_title = gettext("Event Group (AG) Maintenance");
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
/* a browsing button was clicked */
if (is_numeric($submit)) {
    if ($debug_mode > 0) {
        ErrorMessage("Browsing Clicked ({$submit})");
// base_roleadmin.php fragment: tail of the role-edit form builder, followed by the
// "updaterole", "deleterole" and "list" cases of the page's action switch. The switch opens
// before this listing and the foreach at the end continues after it.
$form = $form . "<tr><td width='25%' align='right'>" . _FRMROLEDESC . "</td>";
// NOTE(review): $roleinfo[2] (the stored description) is placed inside a single-quoted
// attribute without htmlspecialchars(); a quote in the description breaks out of the attribute.
$form = $form . "<td align='left'><input type='text' name='desc' value='" . $roleinfo[2] . "'></td></tr>";
$form = $form . "<tr><td colspan='2' align='center'><input type='submit' name='submit' value='" . _UPDATEROLE . "'></td>";
$form = $form . "</tr></table></form>";
$pagebody = $form;
break;
case "updaterole":
    // Updates role from above form....
    // filterSql() is the only treatment the three POST fields receive before updateRole();
    // no anti-CSRF token is checked in this fragment.
    $role = new BaseRole();
    $rolearray = array(filterSql($_POST['role_id']), filterSql($_POST['role_name']), filterSql($_POST['desc']));
    $role->updateRole($rolearray);
    // NOTE(review): the case ends with break, not exit; unless base_header() terminates the
    // script, page rendering continues after the redirect header. Same for "deleterole".
    base_header("Location: base_roleadmin.php?action=list");
    break;
case "deleterole":
    // Deletes role
    // Destructive action driven by a GET parameter (roleid), so a plain link triggers it.
    $roleid = filterSql($_GET['roleid']);
    $BRole = new BaseRole();
    $BRole->deleteRole($roleid);
    base_header("Location: base_roleadmin.php?action=list");
    break;
case "list":
    // lists the roles
    // Build table to list roles and return it as $roletable
    $role = new BaseRole();
    $roles = $role->returnRoles();
    $tmpHTML = "<TABLE CELLSPACING=0 CELLPADDING=2 BORDER=0 WIDTH='100%' BGCOLOR='#000000'><TR><TD>";
    $tmpHTML = $tmpHTML . "<table CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH='100%' BGCOLOR='#FFFFFF'>";
    $tmpHTML = $tmpHTML . "<tr><td CLASS='plfieldhdr' width=25>" . _EDIT . "</td><td CLASS='plfieldhdr' width=35> " . _DELETE . "</td><td CLASS='plfieldhdr'>" . _ID . "</td><td CLASS='plfieldhdr'>" . _NAME;
    $tmpHTML = $tmpHTML . "</td><td CLASS='plfieldhdr'>" . _DESC . "</td></tr>";
    foreach ($roles as $row) {
        //explode array rows and build table
/**
 * Normalise the criteria triple in place before it is used to build a query fragment.
 *
 * Slot 0 is an operator (CleanVariable() is given " ", "=" and "LIKE" as its allow-list),
 * slot 1 is the signature-name value (escaped with filterSql()), and slot 2 is a second
 * operator with "=" / "!=" as its allow-list. When slot 0 or slot 1 is absent the whole
 * array is first reset to two empty strings, which also drops any stale slot 2.
 */
function SanitizeElement()
{
    $hasOperator = isset($this->criteria[0]);
    $hasValue = isset($this->criteria[1]);
    if (!($hasOperator && $hasValue)) {
        // Missing either half of the pair: start again from empty strings.
        $this->criteria = array(0 => '', 1 => '');
    }

    // Slots 0 and 1 exist at this point; slot 2 may not, so read it defensively.
    $operator = $this->criteria[0];
    $value = $this->criteria[1];
    $secondOperator = isset($this->criteria[2]) ? $this->criteria[2] : null;

    $this->criteria[0] = CleanVariable($operator, "", array(" ", "=", "LIKE"));
    $this->criteria[1] = filterSql($value); /* signature name */
    $this->criteria[2] = CleanVariable($secondOperator, "", array("=", "!="));
}
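// base_login.php fragment: processes the login form before any HTML is emitted so the
// redirect headers below can still be sent; the HTML document continues after <html>.
include "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
$errorMsg = "";
$displayError = 0;
$noDisplayMenu = 1;
// Redirect to base_main.php if auth system is off
if ($Use_Auth_System == 0) {
    // NOTE(review): execution continues after this call unless base_header() exits -- confirm.
    base_header("Location: base_main.php");
}
if (isset($_POST['submit'])) {
    $debug_mode = 0; // wont login with debug_mode
    $BASEUSER = new BaseUser();
    $user = filterSql($_POST['login']);
    // NOTE(review): the password is passed through filterSql() before Authenticate(); any
    // character that filterSql() rewrites makes such passwords impossible to log in with.
    $pwd = filterSql($_POST['password']);
    // A return of 0 is treated as success: redirect to the main page and stop.
    if ($BASEUSER->Authenticate($user, $pwd) == 0) {
        header("Location: base_main.php");
        exit;
    } else {
        // Failed attempt: flag the error for the form rendered below. This branch hangs off
        // the Authenticate() check, so the message appears only after a failed login and
        // not on a plain GET of the page.
        $displayError = 1;
        $errorMsg = gettext("User does not exist or your password was incorrect!<br>Please try again");
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- <?php echo gettext("Forensics Console " . $BASE_installID) . $BASE_VERSION; ?> -->
<html>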
// Setup fragment: finishes the "database created" summary and, when user authentication was
// requested during setup, seeds the first row of base_users. The blocks closed at the start
// open before this listing and the trailing error check continues after it.
}
if ($_SESSION['usearchive'] == 1) {
    if ($_SESSION['arcdbname'] != "") {
        // Archive DB name is echoed without HTML escaping; it was entered on an earlier setup step.
        echo '<LI>' . $_SESSION['arcdbname'] . '<BR>';
    }
}
echo ' </UL> </TD> <TD VALIGN=TOP>';
if ($result == 1) {
    ErrorMessage(" DONE ");
    if ($_SESSION['useuserauth'] == 1) {
        // Login and display name are escaped with filterSql(); the meaning of its second
        // argument is not visible here -- presumably a stricter mode, confirm in filterSql().
        $user = filterSql($_SESSION['usrlogin'], 1);
        // NOTE(review): the password is stored as an unsalted md5() digest. Whatever
        // BaseUser::Authenticate() compares against must change in step with this line if
        // the scheme is ever moved to password_hash()/password_verify().
        $pwd = md5($_SESSION['usrpasswd']);
        $name = filterSql($_SESSION['usrname'], 1);
        // The literal '******' in the two statements below appears to be a redaction artefact
        // of this listing (the login value masked), not the code as written -- confirm upstream.
        $sql = "SELECT COUNT(*) FROM base_users WHERE usr_login = '******'";
        $rs_del_cnt = $db->baseExecute($sql);
        $userdelcnt = $rs_del_cnt->baseFetchRow();
        if ($userdelcnt[0] > 0) {
            // An existing row with the same login is deleted and re-inserted, not updated.
            $sql = "DELETE FROM base_users WHERE usr_login = '******'";
            $db->baseExecute($sql);
        }
        // NOTE(review): the next id is MAX(usr_id)+1 computed in PHP rather than a DB-side
        // auto-increment, so two setups running at once could pick the same id.
        $sql = "SELECT MAX(usr_id) FROM base_users;";
        $usercount = $db->baseExecute($sql);
        $usercnt = $usercount->baseFetchRow();
        $userid = $usercnt[0] + 1;
        // The INSERT is built by string concatenation; the filterSql() calls above are the
        // only escaping applied to $user and $name, and $userid is numeric.
        $sql = "INSERT INTO base_users (usr_id, usr_login, usr_pwd, role_id, usr_name, usr_enabled)";
        $sql = $sql . " VALUES (" . $userid . ", '" . $user . "','" . $pwd . "', 1,'" . $name . "', 1);";
        $db->baseExecute($sql);
        if ($db->baseErrorMessage() != "") {
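/**
 * Renders a paginated HTML table for the rows returned by $sql.
 *
 * @param string $sql      SELECT to run. The row total is read from FOUND_ROWS() afterwards,
 *                         so the statement is presumably expected to use SQL_CALC_FOUND_ROWS
 *                         (confirm against callers).
 * @param mixed  $attr     Overrides for the default table attributes ('id', 'class',
 *                         'checked', 'paginador' = "rowsPerPage,pagerUrl", 'fieldTotal'),
 *                         merged by defaultArrayValues().
 * @param string $link     Optional link spec: one or two '}'-separated segments. With two,
 *                         the first is the header link and the second the body link.
 * @param mixed  $conexion Optional DB connection handed through to getResult().
 * @return string HTML table (wrapped in a POST form when 'checked' is "checked") plus pager.
 */
function ListR3($sql, $attr, $link, $conexion = null)
{
    $atributosDefault = array('id' => '', 'class' => 'reporteA', 'checked' => '', 'paginador' => '', 'fieldTotal' => '');
    $linkDefault = array('campos' => '', 'args' => '', 'panelId' => '', 'url' => '');
    $linksUrl = array('head' => '', 'body' => '');
    $tabla = ''; // was appended to without initialisation (undefined-variable notice)

    $atributos = defaultArrayValues($atributosDefault, $attr);
    $paginador = explode(',', $atributos['paginador']);

    // Page number from the request, coerced to int; anything that is not a positive page
    // (missing, zero, non-numeric) falls back to page 1. Only the integer reaches LIMIT.
    $paginaStart = (int) get('pagina-start');
    if ($paginaStart <= 0) {
        $paginaStart = 1;
    }
    $start = ($paginaStart - 1) * $paginador[0];
    $limit = ' LIMIT ' . $start . ', ' . $paginador[0];

    // NOTE(review): $paginador[0] (rows per page) comes from the caller's $attr and is
    // concatenated into the LIMIT clause unchecked, so it must never be taken from the
    // request. filterSql() is applied to the whole statement text, not to a bound value --
    // the SELECT itself has to be free of user input.
    $sql = filterSql($sql) . $limit;
    $result = getResult($sql, $conexion);
    $count = getResult("SELECT FOUND_ROWS() AS total", $conexion);
    $row = mysql_fetch_object($count);
    $countTotal = $row->total;
    $pagitacionHtml = getPagination($paginaStart, $countTotal, $paginador[0], $paginador[1]);

    if (!empty($link)) {
        $linkArray = explode('}', $link);
        if (isset($linkArray[1])) {
            $linksUrl['body'] = defaultArrayValues($linkDefault, $linkArray[1]);
            $linksUrl['head'] = defaultArrayValues($linkDefault, $linkArray[0]);
        } else {
            $linksUrl['body'] = defaultArrayValues($linkDefault, $linkArray[0]);
        }
    }

    $fieldsName = getFieldsName($result);
    $fieldsFilter = fieldsFilter($fieldsName, $linksUrl);
    $tableHeader = getTableHeader($fieldsFilter, $atributos);
    $tableBody = getTableBody($result, $fieldsFilter, $atributos, $countTotal);

    // NOTE(review): a "</form>" is emitted unconditionally before the pager and a second one
    // is appended when 'checked' is set, so the markup is unbalanced unless a caller opens a
    // form itself. Left as-is because callers may rely on it -- confirm before removing.
    // $atributos['id'] / ['class'] are interpolated into attributes unescaped (caller-supplied).
    $tabla .= "<table id=\"{$atributos['id']}\" class=\"{$atributos['class']}\" style=\"width:100%;clear: both;\">"
        . "{$tableHeader}{$tableBody}"
        . "</table>"
        . "</form>"
        . "{$pagitacionHtml}";
    if ($atributos['checked'] == "checked") {
        $tabla = "<form method=\"post\" id=\"frm-{$atributos['id']}\">" . $tabla;
        $tabla .= "</form>";
    }

    return $tabla;
}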
// base_maintenance.php fragment: bootstraps the maintenance page, enforces the role check and
// reads the "submit" button value, then drops into HTML (the page body continues after <br>).
include "base_conf.php";
include "{$BASE_path}/includes/base_constants.inc.php";
include "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
include_once "{$BASE_path}/base_stat_common.php";
include_once "{$BASE_path}/setup/setup_db.inc.php";
$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_maintenance.php");
$cs->ReadState();
// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
if ($Use_Auth_System == 1) {
    // "standalone" mode authenticates from POSTed credentials instead of the session
    // (presumably for scripted invocation -- confirm with callers). $_POST['standalone'] is
    // read without isset(), so an ordinary request raises an undefined-index notice.
    if ($_POST['standalone'] == "yes") {
        // NOTE(review): filterSql() is applied to the password before authentication;
        // passwords containing characters it rewrites cannot authenticate this way.
        $usrrole = $BUser->AuthenticateNoCookie(filterSql($_POST['user']), filterSql($_POST['pwd']));
        // NOTE(review): neither status header is followed by exit; unless base_header()
        // terminates the script, a rejected request still runs the maintenance actions below.
        // A "Failed" result also reaches the second test, where a string is compared with >
        // against the integer $roleneeded; the outcome depends on the PHP version's
        // string/int comparison rules.
        if ($usrrole == "Failed") {
            base_header('HTTP/1.0 401');
        }
        if ($usrrole > $roleneeded) {
            base_header('HTTP/1.0 403');
        }
    } elseif ($BUser->hasRole($roleneeded) == 0) {
        // Same caveat: no exit after the redirect header.
        base_header("Location: " . $BASE_urlpath . "/index.php");
    }
}
$page_title = gettext("Maintenance");
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
// Button value is masked with VAR_ALPHA | VAR_SPACE (letters and spaces, by the constant names).
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
?> <br>
// Event-detail fragment (OSSIM-flavoured BASE): unpacks the remaining columns of the event
// row fetched earlier into $myrow2, stops if the event no longer exists, then looks up the
// sensor row and the plugin / plugin_sid names. The surrounding code is outside this listing.
$layer4_dport = $myrow2[8];
$ossim_priority = $myrow2[9];
$ossim_reliability = $myrow2[10];
$ossim_asset_src = $myrow2[11];
$ossim_asset_dst = $myrow2[12];
$ossim_risk_c = $myrow2[13];
$ossim_risk_a = $myrow2[14];
// An empty plugin id or sid is treated as "event deleted": report and stop.
if ($plugin_id == "" || $plugin_sid == "") {
    echo '<CENTER><B>';
    ErrorMessage(gettext("Event DELETED"));
    echo '</CENTER></B>';
    echo "</body>\r\n</html>";
    exit(0);
}
/* Get sensor parameters: */
// $sid is escaped with filterSql() for the quoted literal.
$sql4 = "SELECT * FROM sensor WHERE sid='" . filterSql($sid, $db) . "'";
$result4 = $db->baseExecute($sql4);
$myrow4 = $result4->baseFetchRow();
$result4->baseFreeRows();
$encoding = $myrow4["encoding"];
$detail = $myrow4["detail"];
$payload = "";
/* Get plugin id & sid */
// NOTE(review): $plugin_sid and $plugin_id are interpolated unquoted and unescaped into the
// WHERE clause. Their assignment is outside this listing; the "Event DELETED" check above
// suggests they come from the earlier result row rather than the request, which is the only
// thing keeping this safe -- confirm where they are set.
$sql5 = "SELECT ossim.plugin.name, ossim.plugin_sid.name FROM ossim.plugin LEFT JOIN ossim.plugin_sid ON ossim.plugin_sid.plugin_id = ossim.plugin.id WHERE ossim.plugin_sid.sid = {$plugin_sid} and ossim.plugin.id = {$plugin_id}";
$result5 = $db->baseExecute($sql5);
// Rows are only freed when a row was fetched; on an empty result the result set is left open.
if ($myrow5 = $result5->baseFetchRow()) {
    $plugin_name = $myrow5[0];
    $plugin_sid_name = $myrow5[1];
    $result5->baseFreeRows();
}
// empty plugin name...search only plugin name
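/**
 * Renders a paginated HTML table with summary-column styling for the rows returned by $sql.
 *
 * Differs from ListR3 in two ways: the page parameter name is prefixed with the first
 * query-parameter name of the pager URL, and a summary-style array is passed through to
 * getTableBody().
 *
 * @param string $sql           SELECT to run. The row total is read from FOUND_ROWS(), so the
 *                              statement is presumably expected to use SQL_CALC_FOUND_ROWS
 *                              (confirm against callers).
 * @param mixed  $attr          Overrides for the default table attributes ('id', 'class',
 *                              'checked', 'paginador' = "rowsPerPage,pagerUrl", 'fieldTotal').
 * @param string $link          Optional link spec: one or two '}'-separated segments (head / body).
 * @param mixed  $SUMMARY_STYLE Overrides for 'columns_index' / 'summary_css'.
 * @param mixed  $conexion      Optional DB connection handed through to getResult().
 * @return string HTML table (wrapped in a POST form when 'checked' is "checked") plus pager.
 */
function ListR4($sql, $attr, $link, $SUMMARY_STYLE, $conexion = null)
{
    ## ARRAYS DEFAULT DC
    $atributosDefault = array('id' => '', 'class' => 'reporteA', 'checked' => '', 'paginador' => '', 'fieldTotal' => '');
    $linkDefault = array('campos' => '', 'args' => '', 'panelId' => '', 'url' => '');
    $linksUrl = array('head' => '', 'body' => '');
    $SUMMARY_STYLE_DEFAULT = array('columns_index' => '', 'summary_css' => '');
    $tabla = ''; // was appended to without initialisation (undefined-variable notice)

    ## CHANGING ARRAYS VALUES
    $atributos = defaultArrayValues($atributosDefault, $attr);
    $SUMMARY_COLS_CSS = defaultArrayValues($SUMMARY_STYLE_DEFAULT, $SUMMARY_STYLE);
    $paginador = explode(',', $atributos['paginador']);

    ## Build the page-parameter name from the pager URL: the name of its first query
    ## parameter prefixes "pagina-start". A URL without '?' previously raised an
    ## undefined-index notice; it now yields an empty prefix.
    $urlSeg = explode('?', $paginador[1]);
    $urlSegA = isset($urlSeg[1]) ? $urlSeg[1] : '';
    $urlSegB = explode('=', $urlSegA);
    $urlSegUrl = $urlSegB[0];
    $pageParam = $urlSegUrl . 'pagina-start';

    // Page number from the request, coerced to int; anything that is not a positive page
    // falls back to page 1. Only the integer reaches LIMIT.
    $paginaStart = (int) get($pageParam);
    if ($paginaStart <= 0) {
        $paginaStart = 1;
    }
    $start = ($paginaStart - 1) * $paginador[0];
    $limit = ' LIMIT ' . $start . ', ' . $paginador[0];

    // NOTE(review): filterSql() is applied to the whole statement text, not to a bound
    // value, and $paginador[0] (rows per page, from the caller's $attr) is concatenated into
    // LIMIT unchecked -- neither may be taken from the request.
    $sql = filterSql($sql);

    ## EXTRAYENDO EL TOTAL DE FILAS
    // NOTE(review): the statement runs twice, once without LIMIT purely to read FOUND_ROWS()
    // and once with it. With SQL_CALC_FOUND_ROWS in the SELECT the first run fetches every
    // row for nothing -- confirm with callers before changing.
    getResult($sql, $conexion);
    $count = getResult("SELECT FOUND_ROWS() AS total", $conexion);
    $row = mysql_fetch_object($count);
    $countTotal = $row->total;
    $sql = $sql . $limit;
    $result = getResult($sql, $conexion);
    $pagitacionHtml = getPagination($paginaStart, $countTotal, $paginador[0], $paginador[1]);

    if (!empty($link)) {
        $linkArray = explode('}', $link);
        if (isset($linkArray[1])) {
            $linksUrl['body'] = defaultArrayValues($linkDefault, $linkArray[1]);
            $linksUrl['head'] = defaultArrayValues($linkDefault, $linkArray[0]);
        } else {
            $linksUrl['body'] = defaultArrayValues($linkDefault, $linkArray[0]);
        }
    }

    $fieldsName = getFieldsName($result);
    $fieldsFilter = fieldsFilter($fieldsName, $linksUrl);
    $tableHeader = getTableHeader($fieldsFilter, $atributos);
    $tableBody = getTableBody($result, $fieldsFilter, $atributos, $countTotal, $SUMMARY_COLS_CSS);

    // NOTE(review): a "</form>" is emitted unconditionally before the pager and a second one
    // is appended when 'checked' is set, so the markup is unbalanced unless a caller opens a
    // form itself. Left as-is because callers may rely on it -- confirm before removing.
    // $atributos['id'] / ['class'] are interpolated into attributes unescaped (caller-supplied).
    $tabla .= "<table id=\"{$atributos['id']}\" class=\"{$atributos['class']}\" style=\"width:100%;clear: both;\">"
        . "{$tableHeader}{$tableBody}"
        . "</table>"
        . "</form>"
        . "{$pagitacionHtml}";
    if ($atributos['checked'] == "checked") {
        $tabla = "<form method=\"post\" id=\"frm-{$atributos['id']}\">" . $tabla;
        $tabla .= "</form>";
    }

    return $tabla;
}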
// base_useradmin.php fragment: the "disableuser", "enableuser", "deleteuser" and "list"
// cases of the page's action switch. The switch opens before this listing and the user-table
// loop continues after it.
// disable user -- Kevin
// NOTE(review): all three account-state changes below are driven by a GET parameter (userid)
// with filterSql() as the only treatment, and no anti-CSRF token is checked in this
// fragment, so a crafted link suffices to trigger them in an administrator's session.
$userid = filterSql($_GET['userid']);
$BUser = new BaseUser();
$BUser->disableUser($userid);
// Each case ends with break, not exit: unless base_header() terminates the script, page
// rendering continues after the redirect header.
base_header("Location: base_useradmin.php?action=list");
break;
case "enableuser":
    // enable user -- Kevin
    $userid = filterSql($_GET['userid']);
    $BUser = new BaseUser();
    $BUser->enableUser($userid);
    base_header("Location: base_useradmin.php?action=list");
    break;
case "deleteuser":
    // Deletes user
    $userid = filterSql($_GET['userid']);
    $BUser = new BaseUser();
    $BUser->deleteUser($userid);
    base_header("Location: base_useradmin.php?action=list");
    break;
case "list":
    // Build table to list users and return it as $usertable
    $user = new BaseUser();
    $users = $user->returnUsers();
    $tmpHTML = "<TABLE CELLSPACING=0 CELLPADDING=2 BORDER=0 WIDTH='100%' BGCOLOR='#000000'><TR><TD>";
    $tmpHTML = $tmpHTML . "<table CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH='100%' BGCOLOR='#FFFFFF'>";
    $tmpHTML = $tmpHTML . "<tr><td CLASS='plfieldhdr' width=25>" . _EDIT . "</td><td CLASS='plfieldhdr' width=35> " . _DELETE . "</td><td CLASS='plfieldhdr'>" . _ID . "</td><td CLASS='plfieldhdr'>" . _LOGIN;
    $tmpHTML = $tmpHTML . "</td><td CLASS='plfieldhdr'>" . _ROLEID . "</td><td CLASS='plfieldhdr'>" . _NAME;
    $tmpHTML = $tmpHTML . "</td><td CLASS='plfieldhdr'>" . _ENABLED . "</td></tr>";
    // Verify that we have a user in the db --Kevin
    // Loose comparison against "": what returnUsers() yields for an empty table is not
    // visible here, so this is presumably an emptiness check -- confirm the empty-result value.
    if ($users != "") {
// base_user.php fragment: user-preferences page. The "change" case processes a password
// change and the "changepassword" case renders the form. The switch continues past the end
// of this listing, and the form-builder statements are cut off mid-way.
$page_body = "";
$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_user.php");
$cs->ReadState();
$userprefs = new BaseUserPrefs();
$userobj = new BaseUser();
$username = $userobj->returnUser();
$page_title = gettext("BASE User preferences");
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
if (isset($_GET['action'])) {
    //This is where the processing of this page happens.
    switch ($_GET['action']) {
        case "change":
            //call auth.inc
            // NOTE(review): the two new passwords are compared with ==; PHP compares two
            // numeric-looking strings numerically, so for example "1e3" and "1000" pass this
            // test. A strict === comparison is the intended check.
            if ($_POST['newpasswd1'] == $_POST['newpasswd2'] && $_POST['newpasswd1'] != "") {
                // filterSql() is applied to both passwords before changePassword(); whatever
                // the old password is verified against must apply the same treatment.
                $pwdresponse = $userobj->changePassword($username, filterSql($_POST['oldpasswd']), filterSql($_POST['newpasswd1']));
                $page_body = $pwdresponse;
                break;
            } else {
                $page_body = gettext("Your password can not be blank or the two passwords did not match!");
            }
            // No break on the mismatch path: execution falls through into "changepassword" so
            // the form is rendered again under the message -- appears intentional.
        case "changepassword":
            // The form carries no anti-CSRF token.
            $form = "<form action='base_user.php?action=change' Method='POST'>";
            $form = $form . "<table border=1 class='query'>";
            // The '******' sequences in two of the lines below appear to be a redaction
            // artefact of this listing (they are not valid PHP as shown); the untouched
            // "New Password Again:" line shows the concatenation they presumably stood for.
            $form = $form . "<tr><td width='25%' align='right'>" . gettext("Old Password:"******"</td>";
            $form = $form . "<td align='left'><input type='password' name='oldpasswd'></td></tr>";
            $form = $form . "<tr><td width='25%' align='right'>" . gettext("New Password:"******"</td>";
            $form = $form . "<td align='left'><input type='password' name='newpasswd1'></td></tr>";
            $form = $form . "<tr><td width='25%' align='right'>" . gettext("New Password Again:") . "</td>";
            $form = $form . "<td align='left'><input type='password' name='newpasswd2'></td></tr>";
            $form = $form . "<tr><td colspan='2' align='center'><input type='submit' name='submit'></td>";