Exemplo n.º 1
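<?php

/*
 * Print resize subnet
 *********************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Subnets = new Subnets($Database);
$Addresses = new Addresses($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# NOTE(review): this request changes state (it splits a subnet) but no CSRF token
# is validated anywhere in this script - confirm whether a token check belongs here.
# Every guard below relies on show() ending the request when its third argument
# is true (assumed; Result is defined outside this script).
# id must be a plain decimal integer: is_numeric() alone also accepts forms such
# as "1e3", "1.5" or " 7", and a missing field would reach it as null
if (!isset($_POST['subnetId']) || !is_string($_POST['subnetId']) || !ctype_digit($_POST['subnetId'])) {
    $Result->show("danger", _("Invalid ID"), true);
}
# get subnet details
$subnet_old = $Subnets->fetch_subnet(null, $_POST['subnetId']);
# an unknown id stops here, so the permission check is never evaluated against
# the id of a subnet that does not exist
if (!is_object($subnet_old)) {
    $Result->show("danger", _("Invalid ID"), true);
}
# verify that user has write permissions for subnet
$subnetPerm = $Subnets->check_permission($User->user, $subnet_old->id);
if ($subnetPerm < 3) {
    $Result->show("danger", _('You do not have permissions to resize subnet') . '!', true);
}
# verify
# NOTE(review): number, prefix, group and strict are forwarded as received; any
# validation of them is left to subnet_split() - confirm
$Subnets->subnet_split($subnet_old, $_POST['number'], $_POST['prefix'], $_POST['group'], $_POST['strict']);
# all good
$Result->show("success", _("Subnet splitted ok") . "!", true);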
Exemplo n.º 2
 * Print edit subnet
 *********************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Sections = new Sections($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# ID must be numeric
# NOTE(review): is_numeric() also accepts forms such as "1e3" or "1.5"; the guard
# only helps if show() ends the request when its third argument is true - confirm
if (!is_numeric($_POST['subnetId'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# get all groups
$groups = $Admin->fetch_all_objects("userGroups", "g_id");
# get subnet details
# NOTE(review): no per-subnet permission check is visible before this fetch -
# verify that access is enforced elsewhere (e.g. by the Admin object)
$subnet = $Subnets->fetch_subnet(null, $_POST['subnetId']);
?>


<script type="text/javascript">
$(document).ready(function() {
/* bootstrap switch */
var switch_options = {
	onText: "Yes",
	offText: "No",
    onColor: 'default',
Exemplo n.º 3
/* functions */
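require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Subnets = new Subnets($Database);
$Addresses = new Addresses($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token
$csrf = $User->create_csrf_cookie();
# id must be a plain decimal integer: is_numeric() alone also accepts forms such
# as "1e3" or "1.5", and a missing field would reach it as null.
# The guards rely on show() ending the request when its third argument is true
# (assumed; Result is defined outside this script).
if (!isset($_POST['subnetId']) || !is_string($_POST['subnetId']) || !ctype_digit($_POST['subnetId'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# get subnet details
$subnet = $Subnets->fetch_subnet(null, $_POST['subnetId']);
# an unknown id stops here, before the permission check reads ->id from the result
if (!is_object($subnet)) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# verify that user has write permissions for subnet
$subnetPerm = $Subnets->check_permission($User->user, $subnet->id);
if ($subnetPerm < 3) {
    $Result->show("danger", _('You do not have permissions to resize subnet') . '!', true, true);
}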
?>

<!-- header -->
<div class="pHeader"><?php 
print _('Truncate subnet');
?>
</div>
Exemplo n.º 4
# set up the objects this popup works with
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# only logged-in users may continue
$User->check_user_session();
# issue the csrf token for the location form
$csrf = $User->csrf_cookie("create", "location");
# the requested action has to pass validate_action() before it is used
$Admin->validate_action($_POST['action'], true);
# edit and delete work on an existing location, which must be found
if ($_POST['action'] != "add") {
    $location = $Admin->fetch_object("locations", "id", $_POST['id']);
    if ($location === false) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
}
# on delete the form is read-only and links are switched off
if ($_POST['action'] == "delete") {
    $readonly = "readonly";
    $link = false;
} else {
    $readonly = "";
    $link = true;
}
# custom fields defined for locations
$custom = $Tools->fetch_custom_fields('locations');
?>


<!-- header -->
<div class="pHeader"><?php 
print ucwords(_("{$_POST['action']}"));
?>
 <?php 
print _('Location');
Exemplo n.º 5
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Sections = new Sections($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token
# (token for the "permissions" form; it is only created here, the matching
# "validate" call would be in the script that receives the form)
$csrf = $User->csrf_cookie("create", "permissions");
# ID must be numeric
# NOTE(review): is_numeric() also accepts forms such as "1e3" or "1.5"
if (!is_numeric($_POST['subnetId'])) {
    $Result->show("danger", _("Invalid ID"), true, true);
}
# get all groups
$groups = $Admin->fetch_all_objects("userGroups", "g_name");
# get subnet details
# NOTE(review): no per-subnet permission check is visible before this fetch -
# verify that access is enforced elsewhere (e.g. by the Admin object)
$subnet = $Subnets->fetch_subnet(null, $_POST['subnetId']);
?>


<script type="text/javascript">
$(document).ready(function() {
/* bootstrap switch */
var switch_options = {
	onText: "Yes",
	offText: "No",
    onColor: 'default',
Exemplo n.º 6
 * add, edit and delete firewall zones mappings
 **************************************************/
# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# set up the objects used by the mapping form
$Database = new Database_PDO();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# the session has to be valid
$User->check_user_session();
# the id may only consist of digits
if (preg_match('/^[0-9]+$/i', $_POST['id']) == 0) {
    $Result->show("danger", _("Invalid ID. Do not manipulate the POST values!"), true);
}
# the action has to be one of add, edit or delete
if (!($_POST['action'] == 'add' || $_POST['action'] == 'edit' || $_POST['action'] == 'delete')) {
    $Result->show("danger", _("Invalid action. Do not manipulate the POST values!"), true);
}
# form controls are disabled when deleting
if ($_POST['action'] == "delete") {
    $readonly = "disabled";
} else {
    $readonly = "";
}
# all firewall zones
$firewallZones = $Zones->get_zones();
# module settings are stored as JSON and decoded into an array
$firewallZoneSettings = json_decode($User->settings->firewallZoneSettings, true);
# devices whose type matches the configured device type
$devices = $Tools->fetch_multiple_objects("devices", "type", $firewallZoneSettings['deviceType']);
# fetch old mapping
if ($_POST['action'] != 'add') {
Exemplo n.º 7
 *	add, edit and delete firewall zones
 ******************************************/
# functions
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize classes
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Subnets = new Subnets($Database);
$Result = new Result();
$Zones = new FirewallZones($Database);
# validate session parameters
$User->check_user_session();
# validate $_POST['id'] values
# (digits only; note that "$" also matches just before a trailing newline)
if (!preg_match('/^[0-9]+$/i', $_POST['id'])) {
    $Result->show("danger", _("Invalid ID. Do not manipulate the POST values!"), true);
}
# validate $_POST['action'] values
# (allow-list: anything other than add, edit or delete is rejected)
if ($_POST['action'] != 'add' && $_POST['action'] != 'edit' && $_POST['action'] != 'delete') {
    $Result->show("danger", _("Invalid action. Do not manipulate the POST values!"), true);
}
# fetch module settings
$firewallZoneSettings = json_decode($User->settings->firewallZoneSettings, true);
# fetch old zone
# NOTE(review): the result of get_zone() is not checked in the lines shown here
if ($_POST['action'] != 'add') {
    $firewallZone = $Zones->get_zone($_POST['id']);
}
# disable edit on delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
?>
Exemplo n.º 8
/* functions */
require dirname(__FILE__) . '/../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Install = new Install($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# admin user is required
# NOTE(review): the return value is not inspected, so this line presumably stops
# non-admin requests itself when called with true - confirm, since the database
# upgrade that follows depends on it
$User->is_admin(true);
# try to upgrade database
if ($Install->upgrade_database() === true) {
    # print success
    $Result->show("success", _("Database upgraded successfully! <a class='btn btn-sm btn-default' href='" . create_link('dashboard') . "'>Dashboard</a>"), false);
    # migrate settings
    $User->migrate_domain_settings();
    $User->migrate_ldap_settings();
    # check for possible errors
    if (sizeof($errors = $Tools->verify_database()) > 0) {
        $esize = sizeof($errors['tableError']) + sizeof($errors['fieldError']);
        print '<div class="alert alert-danger">' . "\n";
        # print table errors
        if (isset($errors['tableError'])) {
            print '<strong>' . _('Missing table') . 's:</strong>' . "\n";
            print '<ul class="fix-table">' . "\n";
            foreach ($errors['tableError'] as $table) {
                print '<li>' . $table . '</li>' . "\n";
            }
            print '</ul>' . "\n";
Exemplo n.º 9
# verify that user is logged in
$User->check_user_session();
//strip AS if provided, to get just the number
// NOTE(review): only the exact prefixes "AS" and "as" are removed, and nothing
// checks that the remainder is a number. The same value is later concatenated
// into the table header HTML without encoding, so it should be validated here
// or encoded where it is printed.
if (substr($_POST['as'], 0, 2) == "AS" || substr($_POST['as'], 0, 2) == "as") {
    $_POST['as'] = substr($_POST['as'], 2);
}
# fetch subnets from ripe
$subnet = $Admin->ripe_fetch_subnets($_POST['as']);
# fetch all sections
$sections = $Admin->fetch_all_objects("sections", "id");
$vlans = $Admin->fetch_all_objects("vlans", "vlanId");
$vrfs = $Admin->fetch_all_objects("vrf", "vrfId");
//none found
if (sizeof(@$subnet) == 0) {
    print "<hr>";
    $Result->show("danger alert-absolute", _('No subnets found') . '!', true);
} else {
    //form
    print '<form name="asImport" id="asImport">';
    //table
    print '<table class="asImport table table-striped table-condensed table-top table-auto">';
    //headers
    print '<tr>';
    print '	<th colspan="5">' . _('I found the following routes belonging to AS') . ' ' . $_POST['as'] . ':</th>';
    print '</tr> ';
    print "<tr>";
    print "\t<th></th>";
    print "\t<th>" . _('Subnet') . "</th>";
    print "\t<th>" . _('select section') . "</th>";
    print "\t<th>" . _('Description') . "</th>";
    print "\t<th>" . _('VLAN') . "</th>";
Exemplo n.º 10
/**
 *	remove item from nat
 ************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# NOTE(review): this script removes an item from a NAT entry, but no CSRF token
# validation is visible in the lines shown - confirm
# get NAT object
$nat = $Admin->fetch_object("nat", "id", $_POST['id']);
# short ternary used as a guard: show() is only called when the lookup returned false
$nat !== false ?: $Result->show("danger", _("Invalid ID"), true);
# static NAT checks
if ($nat->type == "static") {
    // static NAT can only have IP address
    if ($_POST['object_type'] != "ipaddresses") {
        $Result->show("danger", _("Static NAT can only contain IP address"), true);
    }
    // decode
    $nat_src = json_decode($nat->src, true);
    $nat_dst = json_decode($nat->dst, true);
    // validate all objects
    if (sizeof(@$nat_src['ipaddresses']) > 0) {
        foreach ($nat_src['ipaddresses'] as $ik => $iv) {
            if ($Tools->fetch_object("ipaddresses", "id", $iv) === false) {
                unset($nat_src['ipaddresses'][$ik]);
            }
Exemplo n.º 11
    $Database = new Database_PDO();
    $User = new User($Database);
    $Tools = new Tools($Database);
    $Subnets = new Subnets($Database);
    $Result = new Result();
}
# user must be authenticated
$User->check_user_session();
# set size parameters
$height = 200;
$slimit = 10;
# if direct request include plot JS
# NOTE(review): X-Requested-With is a client-supplied header and is absent on a
# plain request, in which case this index is undefined and PHP raises a notice
if ($_SERVER['HTTP_X_REQUESTED_WITH'] != "XMLHttpRequest") {
    # get widget details
    if (!($widget = $Tools->fetch_object("widgets", "wfile", $_REQUEST['section']))) {
        $Result->show("danger", _("Invalid widget"), true);
    }
    # reset size and limit
    $height = 350;
    $slimit = 20;
    # include flot JS
    print '<script language="javascript" type="text/javascript" src="js/1.2/flot/jquery.flot.js"></script>';
    print '<script language="javascript" type="text/javascript" src="js/1.2/flot/jquery.flot.categories.js"></script>';
    print '<!--[if lte IE 8]><script language="javascript" type="text/javascript" src="js/1.2/flot/excanvas.min.js"></script><![endif]-->';
    # and print title
    # NOTE(review): wtitle is printed without HTML encoding - confirm it cannot
    # hold markup entered by a user
    print "<div class='container'>";
    print "<h4 style='margin-top:40px;'>{$widget->wtitle}</h4><hr>";
    print "</div>";
}
$type = "IPv4";
# get subnets statistic
Exemplo n.º 12
    $Result = new Result();
}
# user must be authenticated
$User->check_user_session();
# if direct request then redirect to tools page
# NOTE(review): the Location header is sent without a following exit, so the rest
# of the script still runs and its output is still produced for a direct request.
# X-Requested-With is client-supplied and may be absent (undefined index notice).
if ($_SERVER['HTTP_X_REQUESTED_WITH'] != "XMLHttpRequest") {
    header("Location: " . create_link("tools", "changelog"));
}
# changelog to syslog
# (entries are only fetched when logging does not go to syslog)
if ($User->settings->log != "syslog") {
    /* get logs */
    $clogs = $Log->fetch_all_changelogs(false, "", 50);
}
# syslog
if ($User->settings->log == "syslog") {
    $Result->show("warning", _("Changelog files are sent to syslog"), false);
} elseif (sizeof($clogs) == 0) {
    print "<blockquote style='margin-top:20px;margin-left:20px;'>";
    print "<p>" . _("No changelogs available") . "</p>";
    print "<small>" . _("No changelog entries are available") . "</small>";
    print "</blockquote>";
} else {
    # printout
    print "<table class='table changelog table-hover table-top table-condensed'>";
    # headers
    print "<tr>";
    print "\t<th>" . _('User') . "</th>";
    print "\t<th>" . _('Type') . "</th>";
    print "\t<th>" . _('Object') . "</th>";
    print "\t<th>" . _('Date') . "</th>";
    print "\t<th class='hidden-xs'>" . _('Change') . "</th>";
Exemplo n.º 13
/**
 * Script to display usermod result
 *************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
require dirname(__FILE__) . "/../../../functions/adLDAP/src/adLDAP.php";
# objects needed for the directory search
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# only logged-in users may continue
$User->check_user_session();
# look up the selected authentication server
$server = $Admin->fetch_object("usersAuthMethod", "id", $_POST['server']);
if ($server === false) {
    $Result->show("danger", _("Invalid server ID"), true);
}
// connection parameters are stored as JSON on the server record
$params = json_decode($server->params);
// both the bind username and the bind password have to be present
if (!(strlen(@$params->adminUsername) != 0 && strlen(@$params->adminPassword) != 0)) {
    $Result->show("danger", _("Missing credentials"), true);
}
// the search filter needs two characters or more
if (!(strlen($_POST['dfilter']) >= 2)) {
    $Result->show("danger", _('Please enter at least 2 characters'), true);
}
//open connection
try {
    if ($server->type == "NetIQ") {
        $params->account_suffix = "";
    }
Exemplo n.º 14
# for edit check old details
if ($_POST['action'] == "edit" || $_POST['action'] == "delete") {
    # old
    $agent_old = $Admin->fetch_object("scanAgents", "id", $_POST['id']);
    // invalid id
    if ($agent_old === false) {
        $error[] = "Invalid agent Id";
    }
    // remove type and code if direct
    // (@ hides the notice raised when $agent_old is false or was never set)
    if (@$agent_old->type == "direct") {
        unset($_POST['type'], $_POST['code']);
    }
}
# die if direct and delete
if (@$agent_old->type == "direct" && $_POST['action'] == "delete") {
    $Result->show("danger", _("Cannot remove localhost scan agent"), true);
}
# checks for edit / add
if ($_POST['action'] != "delete") {
    # code must be exactly 32 alphanumeric characters, unless the stored agent is of type "direct"
    if (@$agent_old->type != "direct") {
        if (strlen($_POST['code']) != 32 || !ctype_alnum($_POST['code'])) {
            $error[] = "Invalid agent code";
        }
    }
    # name must not be empty (only its length is tested here, not its characters)
    if (strlen($_POST['name']) == 0) {
        $error[] = "Invalid agent name";
    }
}
# die if errors
Exemplo n.º 15
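/**
 *	Script to replace fields in IP address list
 ***********************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# NOTE(review): this request rewrites stored data but no CSRF token is validated
# anywhere in this script - confirm whether a token check belongs here
//verify post
if (empty($_POST['search'])) {
    $Result->show("danger", _('Please enter something in search field') . '!', true);
}
//if device verify that it exists
if ($_POST['field'] == "switch") {
    // both hostnames are echoed back inside HTML markup, so they are encoded
    // before being placed into a message
    $search_html = htmlspecialchars(is_scalar($_POST['search']) ? (string) $_POST['search'] : "", ENT_QUOTES, 'UTF-8');
    $replace_html = htmlspecialchars(isset($_POST['replace']) && is_scalar($_POST['replace']) ? (string) $_POST['replace'] : "", ENT_QUOTES, 'UTF-8');
    if (!($device1 = $Admin->fetch_object("devices", "hostname", $_POST['search']))) {
        $Result->show("danger  alert-absolute", _('Switch') . ' "<i>' . $search_html . '</i>" ' . _('does not exist, first create switch under admin menu') . '!', true);
    }
    // the second lookup is for the replacement, so its message names that value
    if (!($device2 = $Admin->fetch_object("devices", "hostname", $_POST['replace']))) {
        $Result->show("danger  alert-absolute", _('Switch') . ' "<i>' . $replace_html . '</i>" ' . _('does not exist, first create switch under admin menu') . '!', true);
    }
    //replace posts
    $_POST['search'] = $device1->id;
    $_POST['replace'] = $device2->id;
}
# update
# NOTE(review): field is forwarded as received; whether replace_fields() limits
# it to known column names cannot be seen from this script - confirm
$Admin->replace_fields($_POST['field'], $_POST['search'], $_POST['replace']);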
Exemplo n.º 16
/**
 * Move VLAN to new domain
 *******************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# NOTE(review): moving a VLAN changes state, but no CSRF token validation is
# visible in the lines shown - confirm
// checks
// (both ids must be numeric; is_numeric() also accepts forms such as "1e3" or "1.5")
if (!is_numeric($_POST['newDomainId'])) {
    $Result->show("danger", _("Invalid ID"), true);
}
if (!is_numeric($_POST['vlanId'])) {
    $Result->show("danger", _("Invalid ID"), true);
}
// verify that new exists
$vlan_domain = $Admin->fetch_object("vlanDomains", "id", $_POST['newDomainId']);
if ($vlan_domain === false) {
    $Result->show("danger", _("Invalid ID"), true);
}
//fetch vlan
$vlan = $Admin->fetch_object("vlans", "vlanId", $_POST['vlanId']);
if ($vlan === false) {
    $Result->show("danger", _("Invalid ID"), true);
}
// check that it is not already set !
Exemplo n.º 17
 *******************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# fake error
# (an empty hidden alert element is printed before any of the checks below)
print "<div class='alert-danger hidden'></div>";
# scan disabled
if ($User->settings->enableSNMP != "1") {
    $Result->show("danger", _("SNMP module disbled"), true);
}
# admin check
# (explicit comparison with true: any other return value is treated as not admin)
if ($User->is_admin() !== true) {
    $Result->show("danger", _('Admin privileges required'), true);
}
# set class
$Snmp = new phpipamSNMP();
# get existing vrfs
# builds a name => rd map; $ex_vrfs is not initialised first, so it stays
# undefined when no VRF exists
$existing_vrfs = $Tools->fetch_all_objects("vrf", "vrfId");
if ($existing_vrfs !== false) {
    foreach ($existing_vrfs as $v) {
        $ex_vrfs[$v->name] = $v->rd;
    }
}
// no errors
Exemplo n.º 18
# include required scripts
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize required objects
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
$Log = new Logging($Database, $User->settings);
$Zones = new FirewallZones($Database);
$Ping = new Scan($Database);
# verify that user is logged in
$User->check_user_session();
# validate csrf cookie
# (the request is rejected only when csrf_cookie() returns exactly false)
$User->csrf_cookie("validate", "address", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# validate action
$Tools->validate_action($_POST['action']);
$action = $_POST['action'];
//reset delete action from visual
// NOTE(review): "action-visual" can switch $action to "delete" after
// validate_action() has checked $_POST['action'] - confirm this override is intended
if (isset($_POST['action-visual'])) {
    if (@$_POST['action-visual'] == "delete") {
        $action = "delete";
    }
}
# save $_POST to $address
$address = $_POST;
# required fields
# (checked only here, after $_POST['action'] has already been read above)
isset($address['action']) ?: $Result->show("danger", _("Missing required fields") . " action", true);
isset($address['subnet']) ?: $Result->show("danger", _("Missing required fields") . " subnet", true);
isset($address['subnetId']) ?: $Result->show("danger", _("Missing required fields") . " subnetId", true);
Exemplo n.º 19
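require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# fetch group and set title
if ($_POST['action'] == "add") {
    $title = _('Add new group');
} else {
    //fetch all group details
    $group = $Admin->fetch_object("userGroups", "g_id", $_POST['id']);
    //false die
    // tested before the array cast: (array) false is a one-element array and
    // would never compare identical to false, so the guard could not fire
    $group !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
    $group = (array) $group;
    // action is request data that nothing above restricts to known values and
    // the title is printed into the page header, so it is HTML-encoded here
    // NOTE(review): g_name is stored data printed as-is - confirm it cannot hold markup
    $title = htmlspecialchars(ucwords($_POST['action']), ENT_QUOTES, 'UTF-8') . ' ' . _('group') . ' ' . $group['g_name'];
}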
?>

<!-- header -->
<div class="pHeader"><?php 
print $title;
?>
</div>

<!-- content -->
<div class="pContent">

	<form id="groupEdit" name="groupEdit">
	<table class="groupEdit table table-noborder table-condensed">
Exemplo n.º 20
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database, false);
$Subnets = new Subnets($Database);
$Sections = new Sections($Database);
$Addresses = new Addresses($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# NOTE(review): neither a CSRF token check nor validation of $_POST['action']
# is visible in the lines shown - confirm
# ID must be numeric
# (add needs only the section id; edit and delete need the subnet id as well)
if ($_POST['action'] == "add") {
    if (!is_numeric($_POST['sectionId'])) {
        $Result->show("danger", _("Invalid ID"), true);
    }
} else {
    if (!is_numeric($_POST['subnetId'])) {
        $Result->show("danger", _("Invalid ID"), true);
    }
    if (!is_numeric($_POST['sectionId'])) {
        $Result->show("danger", _("Invalid ID"), true);
    }
}
# if show name then description must be set
if (@$_POST['showName'] == 1 && strlen($_POST['description']) == 0) {
    $Result->show("danger", _("Please enter subnet description to show as name!"), true);
}
# verify that user has permissions to add subnet
if ($_POST['action'] == "add") {
Exemplo n.º 21
 * Script to edit domain
 ***************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
$PowerDNS = new PowerDNS($Database);
# verify that user is logged in
$User->check_user_session();
# NOTE(review): neither a CSRF token check nor validation of $_POST['action']
# is visible in the lines shown - confirm
# fetch old record
if ($_POST['action'] != "add") {
    $record = $PowerDNS->fetch_record($_POST['id']);
    # guard: show() is only called when the lookup returned false
    $record !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
}
# edit and add - check that something is in name and content!
# (only a minimum length of 2 is enforced, not the format)
if ($_POST['action'] != "delete") {
    if (strlen($_POST['name']) < 2) {
        $Result->show("danger", _("Invalid name"), true);
    }
    if (strlen($_POST['content']) < 2) {
        $Result->show("danger", _("Invalid content"), true);
    }
}
# validate and set values
if ($_POST['action'] == "edit") {
    $values = $PowerDNS->formulate_update_record($_POST['name'], $_POST['type'], $_POST['content'], $_POST['ttl'], $_POST['prio'], $_POST['disabled'], $record->change_date);
    $values['domain_id'] = $_POST['domain_id'];
} elseif ($_POST['action'] == "add") {
Exemplo n.º 22
 ***************************/
/* functions */
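require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# NOTE(review): no CSRF token validation is visible in the lines shown - confirm
# get modified details
$device = $_POST;
# ID must be numeric
if ($_POST['action'] != "add" && !is_numeric($_POST['switchId'])) {
    $Result->show("danger", _("Invalid ID"), true);
}
# available devices set
# start from an empty list so the size test below never receives an undefined
# variable when the form carries no "section-" field
$temp = array();
foreach ($device as $key => $line) {
    # a key containing "section-" marks a selected section; the remainder of the
    # key is collected and the field is dropped from the device data
    if (strlen(strstr($key, "section-")) > 0) {
        $key2 = str_replace("section-", "", $key);
        $temp[] = $key2;
        unset($device[$key]);
    }
}
# glue sections together
$device['sections'] = sizeof($temp) > 0 ? implode(";", $temp) : null;
# Hostname must be present
if ($device['hostname'] == "") {
    $Result->show("danger", _('Hostname is mandatory') . '!', true);
}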
Exemplo n.º 23
$Sections = new Sections($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token
$csrf = $User->csrf_cookie("create", "folder");
# strip tags - XSS
# (the whole $_POST array is replaced by the return value of strip_input_tags())
$_POST = $User->strip_input_tags($_POST);
# validate action
$Admin->validate_action($_POST['action'], true);
# ID must be numeric
if ($_POST['action'] != "add") {
    if (!is_numeric($_POST['subnetId'])) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
}
# verify that user has permissions to add subnet
# (add is authorised against the section, edit/delete against the subnet;
# any permission value other than 3 is refused)
if ($_POST['action'] == "add") {
    if ($Sections->check_permission($User->user, $_POST['sectionId']) != 3) {
        $Result->show("danger", _('You do not have permissions to add new subnet in this section') . "!", true, true);
    }
} else {
    if ($Subnets->check_permission($User->user, $_POST['subnetId']) != 3) {
        $Result->show("danger", _('You do not have permissions to add edit/delete this subnet') . "!", true, true);
    }
}
# we are editing or deleting existing subnet, get old details
if ($_POST['action'] != "add") {
    $folder_old_details = (array) $Subnets->fetch_subnet(null, $_POST['subnetId']);
Exemplo n.º 24
 * Edit switch result
 ***************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# strip input tags
# (the whole $_POST array is replaced by the return value of strip_input_tags())
$_POST = $Admin->strip_input_tags($_POST);
# validate csrf cookie
# (the request is rejected only when csrf_cookie() returns exactly false)
$User->csrf_cookie("validate", "vlan_domain", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# we cannot delete default domain
# (id 1 is treated as the default domain; loose comparison, @ hides a missing id)
if (@$_POST['id'] == 1 && $_POST['action'] == "delete") {
    $Result->show("danger", _("Default domain cannot be deleted"), true);
}
// ID must be numeric
if ($_POST['action'] != "add" && !is_numeric($_POST['id'])) {
    $Result->show("danger", _("Invalid ID"), true);
}
// Name must be present
if (@$_POST['name'] == "") {
    $Result->show("danger", _('Name is mandatory') . '!', true);
}
// set sections
if (@$_POST['id'] != 1) {
    foreach ($_POST as $key => $line) {
Exemplo n.º 25
/**
 * Script to print mail notification form
 ********************************************/
# include required scripts
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize required objects
$Database = new Database_PDO();
$Result = new Result();
$User = new User($Database);
$Subnets = new Subnets($Database);
$Tools = new Tools($Database);
$Addresses = new Addresses($Database);
# verify that user is logged in
$User->check_user_session();
# id must be numeric
# (|| binds tighter than ?:, so an empty id is accepted as well as a numeric one)
is_numeric($_POST['id']) || strlen($_POST['id']) == 0 ?: $Result->show("danger", _("Invalid ID"), true);
# get IP address id
$id = $_POST['id'];
# fetch address, subnet, vlan and nameservers
# NOTE(review): no check of the user's permission on the subnet is visible in
# the lines shown - confirm access is enforced before the details are rendered
$address = (array) $Addresses->fetch_address(null, $id);
$subnet = (array) $Subnets->fetch_subnet(null, $address['subnetId']);
$vlan = (array) $Tools->fetch_object("vlans", "vlanId", $subnet['vlanId']);
$nameservers = (array) $Tools->fetch_object("nameservers", "id", $subnet['nameserverId']);
# get all custom fields
$custom_fields = $Tools->fetch_custom_fields('ipaddresses');
# checks
# NOTE(review): these run after the lookups above have already used the data,
# and (array) false has one element, so a failed lookup that returns false
# would pass the size test - confirm what the fetch methods return on a miss
sizeof($address) > 0 ?: $Result->show("danger", _("Invalid ID"), true);
sizeof($subnet) > 0 ?: $Result->show("danger", _("Invalid subnet"), true);
# set title
$title = _('IP address details') . ' :: ' . $address['ip'];
# address
Exemplo n.º 26
    # fetch all addresses - sorted
    if ($slaves) {
        $addresses = $Addresses->fetch_subnet_addresses_recursive($subnet['id'], false, $sort['field'], $sort['direction']);
        $slave_subnets = (array) $Subnets->fetch_subnet_slaves($subnet['id']);
    } else {
        $addresses = $Addresses->fetch_subnet_addresses($subnet['id'], $sort['field'], $sort['direction']);
    }
    # set permissions
    $subnet_permission = $Subnets->check_permission($User->user, $subnet['id']);
}
# We need DNS object
$DNS = new DNS($Database, $User->settings);
/* verifications */
# checks
# NOTE(review): the numeric test on subnetId is the last of the three checks,
# after the subnet data and permission have already been used - confirm the id
# is validated before the earlier lookups
if (sizeof($subnet) == 0) {
    $Result->show("danger", _('Subnet does not exist'), true);
}
//subnet doesnt exist (describes the check above)
if ($subnet_permission == 0) {
    $Result->show("danger", _('You do not have permission to access this network'), true);
}
//not allowed to access (describes the check above)
if (!is_numeric($_REQUEST['subnetId'])) {
    $Result->show("danger", _('Invalid ID'), true);
}
//subnet id must be numeric (describes the check above)
/* selected and hidden fields */
# reset custom fields to ip addresses
$custom_fields = $Tools->fetch_custom_fields('ipaddresses');
# set hidden custom fields
# (stored as JSON in the settings and decoded into an array)
$hidden_cfields = json_decode($User->settings->hiddenCustomFields, true);
Exemplo n.º 27
 * Edit tag
 *************************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# objects needed by the tag form
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# only logged-in users may continue
$User->check_user_session();
# issue the csrf token for the form
$csrf = $User->create_csrf_cookie();
# edit and delete work on an existing tag
if ($_POST['action'] != "add") {
    # the id has to be numeric
    if (!is_numeric($_POST['id'])) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
    # load the tag and stop when it does not exist
    $tag = $Admin->fetch_object("ipTags", "id", $_POST['id']);
    if ($tag === false) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
}
?>

<script type="text/javascript" src="js/bootstrap-colorpicker.min.js"></script>
<link rel="stylesheet" type="text/css" href="css/bootstrap/bootstrap-colorpicker.min.css">
<script type="text/javascript">
$(function(){
    $('.select-bgcolor').colorpicker();
Exemplo n.º 28
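<?php

/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# if edit check if protected?
if ($_POST['action'] != "add") {
    $auth_method = $Admin->fetch_object("usersAuthMethod", "id", $_POST['id']);
    # an unknown id stops here instead of reading ->protected from a non-object
    if (!is_object($auth_method)) {
        $Result->show("danger", _("Invalid ID"), true, true);
    }
    if ($auth_method->protected == "Yes") {
        $Result->show("danger", _("Method cannot be change as it is protected"), true, true);
    }
}
# route to proper auth method editing
# The type becomes part of an include path, so it is restricted to a bare name
# (letters, digits, "_" and "-"); path separators and dots can never reach the
# filesystem. The file that is included is exactly the one that was checked.
$type = isset($_POST['type']) && is_string($_POST['type']) ? $_POST['type'] : "";
$editor = dirname(__FILE__) . "/edit-" . $type . ".php";
if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $type) || !is_file($editor)) {
    $Result->show("danger", _("Invalid method type"), true, true);
} else {
    include $editor;
}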
Exemplo n.º 29
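<?php

/**
 * Edit tag
 *************************************/
/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# validate csrf cookie
# Both values must be present, non-empty strings: a loose == comparison also
# succeeds when neither side is set (null == null) and applies type juggling.
# hash_equals() compares in constant time.
$csrf_sent = isset($_POST['csrf_cookie']) ? $_POST['csrf_cookie'] : null;
$csrf_kept = isset($_SESSION['csrf_cookie']) ? $_SESSION['csrf_cookie'] : null;
if (!is_string($csrf_sent) || !is_string($csrf_kept) || $csrf_kept === "" || !hash_equals($csrf_kept, $csrf_sent)) {
    $Result->show("danger", _("Invalid CSRF cookie"), true);
}
# fetch old values
if ($_POST['action'] == "delete") {
    $old_tag = $Admin->fetch_object("ipTags", "id", $_POST['id']);
    # an unknown id is reported as such instead of falling through to the lock check
    if (!is_object($old_tag)) {
        $Result->show("danger", _("Invalid ID"), true);
    }
} else {
    $old_tag = new StdClass();
}
/* checks */
# a tag may only be deleted when its locked flag is exactly "No"
if ($_POST['action'] == "delete" && $old_tag->locked != "No") {
    $Result->show("danger", _("Cannot delete locked tag"), true);
}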
if ($_POST['action'] != "delete") {
    if (strlen($_POST['type']) < 3) {
        $Result->show("danger", _("Invalid tag name"), true);
    }
    if (strlen($_POST['bgcolor']) < 4) {
Exemplo n.º 30
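/* functions */
require dirname(__FILE__) . '/../../../functions/functions.php';
# initialize user object
$Database = new Database_PDO();
$User = new User($Database);
$Admin = new Admin($Database);
$Tools = new Tools($Database);
$Result = new Result();
# verify that user is logged in
$User->check_user_session();
# create csrf token
$csrf = $User->csrf_cookie("create", "nat");
# get NAT object
if ($_POST['action'] != "add") {
    $nat = $Admin->fetch_object("nat", "id", $_POST['id']);
    # guard: show() is only called when the lookup returned false
    $nat !== false ?: $Result->show("danger", _("Invalid ID"), true, true);
}
# disable edit on delete
$readonly = $_POST['action'] == "delete" ? "readonly" : "";
$link = $readonly ? false : true;
?>


<!-- header -->
<div class="pHeader"><?php 
# action is request data that no step in this script restricts to known values,
# so it is HTML-encoded before it is written into the page
print htmlspecialchars(ucwords(_("{$_POST['action']}")), ENT_QUOTES, 'UTF-8');
?>
 <?php 
print _('NAT');
?>
</div>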