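/**
 * Render the "Vulnerability Scan Profiles" table so the user can pick a profile to edit.
 *
 * Reads the globals $username, $dbconn (ADOdb-style connection: Execute / EOF / fields /
 * MoveNext), $version and $nessus_path. The global $sid is overwritten with the id of every
 * profile as the rows are rendered and is left holding the last one; that side effect is kept
 * on purpose because other code in this file may rely on it.
 *
 * Which profiles are listed depends on who is asking:
 *   - "admin"                : every non-deleted profile
 *   - pro/demo, proadmin     : Default plus profiles owned by the proadmin's entities or users
 *   - pro/demo, normal user  : Default plus profiles owned by the user or the user's entities
 *   - otherwise              : Default plus profiles owned by the user
 *
 * Profiles attached to a running job (OMP backend only) get greyed-out icons instead of
 * edit/delete links. Output is written with echo; nothing is returned.
 */
function select_profile()
{
    global $sid, $username, $dbconn, $version, $nessus_path;

    // Ids of profiles currently used by a running job; only the OMP backend can report them.
    $used_sids = array();
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp = new OMP();
        $used_sids = $omp->get_used_sids();
    }

    // entity id => "name [type]", used for the "Available for" column.
    $entities_nt = array();
    $query = "SELECT ae.id as eid, ae.name as ename, aet.name as etype FROM acl_entities AS ae, acl_entities_types AS aet WHERE ae.type = aet.id";
    $result_entities = $dbconn->Execute($query);
    while (!$result_entities->EOF) {
        $entities_nt[$result_entities->fields['eid']] = $result_entities->fields['ename'] . " [" . $result_entities->fields['etype'] . "]";
        $result_entities->MoveNext();
    }

    // Owner values are bound as query parameters instead of being interpolated into the SQL.
    $select = "SELECT id, name, description, owner, type FROM vuln_nessus_settings WHERE deleted != '1'";
    $params = array();
    // true => plain pro user, who may only act on profiles he owns (and never on Default).
    $normal_user_pro = false;
    // Evaluated once; the original re-asked the session on every row.
    $is_admin_view = ($username == "admin" || Session::am_i_admin());

    if ($username == "admin") {
        $query = $select . " ORDER BY name";
    } else {
        if (preg_match("/pro|demo/i", $version)) {
            if (Acl::am_i_proadmin()) {
                // The original passed an undefined $current_user to get_user_entities();
                // the current login is used, matching the normal-user branch below.
                $pro_users = array();
                $users = Acl::get_my_users($dbconn, Session::get_session_user());
                foreach ($users as $us) {
                    $pro_users[] = $us["login"];
                }
                $owners = array_merge(array('0'), (array) Acl::get_user_entities($username), $pro_users);
            } else {
                $owners = array_merge(array('0', $username), (array) Acl::get_user_entities($username));
                $normal_user_pro = true;
            }
        } else {
            $owners = array('0', $username);
        }
        $placeholders = implode(", ", array_fill(0, count($owners), "?"));
        $query = $select . " and (name='Default' or owner in ({$placeholders})) ORDER BY name";
        $params = array_values($owners);
    }
    // An empty $params means "no bound values" for the ADOdb-style Execute().
    $result = $dbconn->Execute($query, $params);

    echo "<CENTER>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"headerpr\" style=\"border:0;\">" . _("Vulnerability Scan Profiles") . "</td></tr></table>";
    echo "<table cellspacing=\"0\" cellpadding=\"0\" border=\"0\" width=\"800\"><tr><td class=\"noborder\">";
    echo "<p>";
    echo _("Please select a profile to edit") . ":";
    echo "</p>";
    echo "<table align='center'>";
    echo "<tr>";
    if ($is_admin_view) {
        echo "<th>" . _("Available for") . "</th>";
    }
    echo "   <th>" . _("Profile") . "</th>";
    echo "   <th>" . _("Description") . "</th>";
    echo "   <th>" . _("Action") . "</th>";
    echo "</tr>";

    while (!$result->EOF) {
        // $sid is the global declared above, so every row overwrites it (kept for compatibility).
        list($sid, $sname, $sdescription, $sowner) = $result->fields;
        echo "<tr>";
        if ($is_admin_view) {
            if ($sowner == "0") {
                echo "<td>" . _("All") . "</td>";
            } elseif (is_numeric($sowner)) {
                // Fall back to the raw id when the entity is unknown instead of raising a notice.
                $label = isset($entities_nt[$sowner]) ? $entities_nt[$sowner] : $sowner;
                echo "<td style='padding:0px 2px 0px 2px;'>" . select_profile_html($label) . "</td>";
            } else {
                echo "<td>" . select_profile_html($sowner) . "</td>";
            }
        }
        echo "<td>" . select_profile_html($sname) . "</td>";
        echo "<td>" . select_profile_html($sdescription) . "</td>";
        echo "<td>";
        if ($normal_user_pro && $sowner != $username && $sname != "Default") {
            echo "&nbsp;";
        } elseif ($is_admin_view) {
            echo select_profile_action_cell($sid, $used_sids);
        } elseif ($sname == "Default") {
            echo "[" . _("edit by admin") . "]";
        } else {
            echo select_profile_action_cell($sid, $used_sids);
        }
        echo "</td>";
        echo "</tr>";
        $result->MoveNext();
    }

    echo "</table>";
    echo "<center>";
    echo "<p>";
    echo "<form>";
    echo "<input type=button onclick=\"document.location.href='settings.php?disp=new'\" value=\"" . _("Create New Profile") . "\" class=\"button\">&nbsp;&nbsp;&nbsp;&nbsp;";
    if ($is_admin_view) {
        echo "<input type=button onclick=\"document.location.href='defaults.php'\" value=\"" . _("Edit default profile") . "\" class=\"button\">";
    }
    echo "</form>";
    echo "</p>";
    echo "</center>";
    echo "<br><br>";
    echo "</td></tr></table></center>";
}

/**
 * Escape a DB-sourced text value for use inside HTML.
 *
 * Stored values may already carry HTML entities, so the text is decoded first and then
 * encoded exactly once: "&amp;" and "&" render the same, and any markup in the value is
 * shown literally instead of being interpreted by the browser.
 *
 * @param mixed $text value read from the database
 * @return string HTML-safe text
 */
function select_profile_html($text)
{
    return htmlspecialchars(html_entity_decode((string) $text), ENT_QUOTES, 'UTF-8');
}

/**
 * Build the contents of the edit/delete cell for one profile.
 *
 * @param mixed $sid       profile id (vuln_nessus_settings.id)
 * @param array $used_sids ids of profiles attached to a running job; these get greyed-out icons
 * @return string HTML fragment
 */
function select_profile_action_cell($sid, array $used_sids)
{
    // Loose comparison on purpose: ids may come back as strings from the DB and as ints from OMP.
    if (in_array($sid, $used_sids)) {
        $title = htmlspecialchars(_("This profile is being used by a running job now"), ENT_QUOTES, 'UTF-8');
        $style = "filter:alpha(opacity=50);-moz-opacity:0.5;-khtml-opacity: 0.5;opacity: 0.5;";
        return "<img src=\"images/pencil.png\" title=\"{$title}\" style=\"{$style}\">"
             . "<img src=\"images/delete.gif\" title=\"{$title}\" style=\"{$style}\">";
    }
    $id = urlencode((string) $sid);
    return "<a href=\"settings.php?disp=edit&amp;sid={$id}\"><img src=\"images/pencil.png\"></a>"
         . "<a href=\"settings.php?disp=edit&amp;op=delete&amp;sid={$id}\" onclick=\"return confirmDelete();\"><img src=\"images/delete.gif\"></a>";
}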