function saveprefs($sid)
{
global $username, $uroles, $dbconn, $nessus_path;
// get the profile prefs for use later
$sql = "SELECT t.nessusgroup, t.nessus_id, t.field, \n t.type, t.value, n.value, t.category\n FROM vuln_nessus_preferences_defaults t\n LEFT JOIN vuln_nessus_settings_preferences n\n ON t.nessus_id = n.nessus_id\n and n.sid = {$sid}\n order by category desc, nessusgroup, nessus_id";
$result = $dbconn->execute($sql);
if ($result === false) {
// SQL error
echo "Error: There was an error with the DB lookup: " . $dbconn->ErrorMsg() . "<br>";
}
$counter = 0;
// user requested Save, update the DB with the values
// Check to see if this is the owner doing the change
$foo = $dbconn->execute("select owner from vuln_nessus_settings where id = {$sid}");
list($myowner) = $foo->fields;
// if ($myowner <> $username && !$uroles[admin]) {
////logAccess( "$username : "******" : Access deined to profile" );
// echo "Access denied: You do not own this profile and are not an admin - (owner = $myowner).";
// //require_once('footer.php');
// die();
// }
$uuid = Util::get_system_uuid();
while (!$result->EOF) {
$counter++;
$vname = "form" . $counter;
if (isset($_POST[$vname])) {
${$vname} = Util::htmlentities(mysql_real_escape_string(trim($_POST[$vname])), ENT_QUOTES);
} elseif (isset($_GET[$vname])) {
$logh->log("{$username} : " . $_SERVER['SCRIPT_NAME'] . " : GET instead of POST method used - failed to save", PEAR_LOG_NOTICE);
echo "Please use the settings.php form to submit your changes.";
require_once 'footer.php';
die;
} else {
${$vname} = "";
}
list($nessusgroup, $nessus_id, $field, $type, $default, $value, $category) = $result->fields;
/* if (strstr($nessus_id, "[password]")) { // password field
if ($$vname!="" && !strstr($$vname,'ENC{')) { // not encrypted
$enc = new Crypt_CBC($dbk, $cipher);
$encrypted_val = $enc->encrypt($$vname);
$$vname = "ENC{" . base64_encode($encrypted_val) . "}";
}
}
*/
updatedb($nessus_id, ${$vname}, $dbconn, $type, $category, $sid, $uuid);
$result->MoveNext();
}
// end while loop
/*
* find all records in the vuln_nessus_settings_preferences table that
* have no matching value in vuln_nessus_preferences_defaults
* and delete them from vuln_nessus_preferences
*/
$sql = "select n.nessus_id \n\t\t from vuln_nessus_settings_preferences n\n\t\t left join vuln_nessus_preferences_defaults t\n on n.nessus_id = t.nessus_id\n where t.nessus_id is null";
$result = $dbconn->execute($sql);
while (!$result->EOF) {
list($pleasedeleteme) = $result->fields;
$sql2 = "delete from vuln_nessus_settings_preferences\n where nessus_id = \"{$pleasedeleteme}\"";
$result2 = $dbconn->execute($sql2);
$result->MoveNext();
}
// echo <<<EOT
//Nessus settings saved<BR>
//EOT;
// logAccess( "Edited Prefs for Profile $sid" );
if (preg_match("/omp\\s*\$/i", $nessus_path)) {
$omp = new OMP();
$omp->set_preferences($sid);
}
edit_serverprefs($sid);
//edit_profile($sid);
}
