Пример #1
0
function search($page, $kw, $cve, $family, $risk, $start_date, $end_date)
{
    global $dbconn;
    $dbconn->SetFetchMode(ADODB_FETCH_BOTH);
    $Limit = 20;
    $risks = array("7" => _("Info"), "6" => _("Low"), "3" => _("Medium"), "2" => _("High"), "1" => _("Serious"));
    $query = "SELECT name FROM vuln_nessus_family WHERE id={$family}";
    $result = $dbconn->execute($query);
    list($family_name) = $result->fields;
    if ($kw == "") {
        $txt_kw = "All";
    } else {
        $txt_kw = $kw;
    }
    if ($cve == "") {
        $txt_cve = "All";
    } else {
        $txt_cve = $cve;
    }
    if ($family_name == "") {
        $txt_family = "All";
    } else {
        $txt_family = $family_name;
    }
    if ($risk == "") {
        $txt_risk = "All";
    } else {
        $txt_risk = $risks[$risk];
    }
    if ($start_date == "") {
        $txt_start_date = "All";
    } else {
        $txt_start_date = $start_date;
    }
    if ($end_date == "") {
        $txt_end_date = "All";
    } else {
        $txt_end_date = $end_date;
    }
    echo '
<table style="margin-top:10px;" class="t_width noborder">
         <tr>
        <td class="table_header">
         <div class="c_back_button">
    	      <input type="button" class="av_b_back" onclick="document.location.href=\'threats-db.php?start_date=' . urlencode($start_date) . '&end_date=' . urlencode($end_date) . '&kw=' . urlencode($kw) . '&risk=' . urlencode($risk) . '&scve=' . urlencode($cve) . '\';return false;"/>    	         
    	  </div>  
        <div class="sec_title">
        ' . _("Search results for this criteria") . '
        </div>
         </td>
     </tr>
</table>

     <table cellpadding="0" cellspacing="0" class="transparent" align="center" width="100%">
          <tr><th>' . gettext("Start Date") . '</th><th>' . gettext("End Date") . '</th><th>' . gettext("Keywords") . '</th><th>' . gettext("CVE Id") . '</th><th>' . gettext("Family") . '</th><th>' . gettext("Risk Factor") . '</th></tr>
          <tr>
          <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_start_date) . '</td>
          <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_end_date) . '</td>
          <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_kw) . '</td>
          <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_cve) . '</td>
          <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_family) . '</td>
          <td class="nobborder" style="text-align:center;">' . Util::htmlentities($txt_risk) . '</td>
          </tr>
     </table>
     <br>
     <table class="table_list">

';
    $query_filter = "WHERE 1=1 ";
    if ($kw != "") {
        $skw = mysql_real_escape_string($kw);
        $query_filter .= "AND ( t1.summary LIKE '%{$skw}%' OR t1.cve_id LIKE '%{$skw}%' OR t2.name LIKE '%{$skw}%' OR CONCAT(t2.name, ' - ', t1.summary) LIKE '%{$skw}%' )";
    }
    if ($cve != "") {
        $cve2 = preg_replace("/cve-/i", "CVE ", $cve);
        $query_filter .= "AND ( t1.cve_id LIKE '%{$cve}%' OR t1.cve_id LIKE '%{$cve2}%')";
    }
    if ($family != "") {
        $query_filter .= "AND t1.family = '{$family}'";
    }
    if ($risk != "") {
        $query_filter .= "AND t1.risk = '{$risk}'";
    }
    if ($start_date != "") {
        $query_filter .= " AND CONVERT(t1.created,UNSIGNED) >= " . str_replace("-", "", $start_date) . "000000";
    }
    if ($end_date != "") {
        $query_filter .= " AND CONVERT(t1.created,UNSIGNED) <= " . str_replace("-", "", $end_date) . "235959";
    }
    $query_filter = ltrim($query_filter, "AND ");
    if ($query_filter == "") {
        $query_filter = "1";
    }
    if (!preg_match("/t2/", $query_filter)) {
        $query = "SELECT count( t1.id ) FROM vuln_nessus_plugins t1 {$query_filter}";
    } else {
        $query = "SELECT count( t1.id ) FROM vuln_nessus_plugins t1 LEFT JOIN vuln_nessus_family t2 ON t1.family = t2.id {$query_filter}";
    }
    $result = $dbconn->execute($query);
    list($numrec) = $result->fields;
    if ($numrec > 0) {
        $numpages = intval($numrec / $Limit);
    } else {
        $numpages = 1;
    }
    if ($numrec % $Limit) {
        $numpages++;
    }
    // add one page if remainder
    if ($page > 0) {
        $previous = $page - 1;
    } else {
        $previous = -1;
    }
    if ($numpages > $page) {
        $next = $page + 1;
    } else {
        $next = -1;
    }
    $offset = ($page - 1) * $Limit;
    $query = "SELECT t1.cve_id, t1.id, t1.risk, t1.created, t2.name, t1.summary \n          FROM vuln_nessus_plugins t1 LEFT JOIN vuln_nessus_family t2 on t1.family=t2.id\n          {$query_filter} LIMIT {$offset},{$Limit}";
    //echo "query=$query<br>";
    $result = $dbconn->execute($query);
    if (!$result->EOF) {
        echo <<<EOT
        <form action="threats-db.php" method="post">
        <INPUT TYPE=HIDDEN NAME="disp" VALUE="search">
        <INPUT TYPE=HIDDEN NAME="page" VALUE="{$page}">
        <INPUT TYPE=HIDDEN NAME="kw" VALUE="{$kw}">
        <INPUT TYPE=HIDDEN NAME="family" VALUE="{$family}">
        <INPUT TYPE=HIDDEN NAME="risk" VALUE="{$risk}">
        <INPUT TYPE=HIDDEN NAME="start_date" VALUE="{$start_date}">
        <INPUT TYPE=HIDDEN NAME="end_date" VALUE="{$end_date}">
        <INPUT TYPE=HIDDEN NAME="cve" VALUE="{$cve}">

        <table id="results-table" class="table_list" cellpadding="0" cellspacing="0" width="100%" align="center">
EOT;
        echo "<tr><th sort:format=\"int\" align=\"center\">" . gettext("ID") . "</th>";
        echo "<th sort:format=\"int\" align=\"center\">" . gettext("Risk") . "</th>";
        echo "<th sort:format=\"int\" align=\"center\">" . gettext("Defined On") . "</th>";
        echo "<th sort:format=\"str\" align=\"left\">" . gettext("Threat Family &amp; Summary") . "</th>";
        echo "<th>" . gettext("CVE Id") . "</th>";
        echo "</tr>";
        $color = 0;
        while (!$result->EOF) {
            list($cve_id, $pid, $prisk, $pcreated, $pfamily, $psummary) = $result->fields;
            //<a href=\"lookup.php?id=$pid\" atest=\"ids\">$pid</a>
            $dt_pcreated = gen_strtotime($pcreated, "");
            echo "<tr>\n                   <td sort:by=\"18606\" style=\"padding:3px\" align=\"center\" valign=\"top\">\n                       <a href='javascript:;' style='text-decoration:none;' lid='" . $pid . "' class='scriptinfo'>" . $pid . "</a>\n                  </td>\n                     <td sort:by=\"4\" align=\"center\" valign=\"top\">\n                       <img src=\"./images/risk" . $prisk . ".gif\" style=\"margin-top:3px;width: 25px; height: 10px; border: 1px solid\" />\n                     </td>\n                     <td sort:by=\"1120546800\" align=\"center\" valign=\"top\">\n                       {$dt_pcreated}\n                     </td>\n                     <td style=\"text-align:left;\" sort:by=\"Gentoo Local Checks\" valign=\"top\">\n                         <strong>{$pfamily}</strong> - {$psummary}\n                     </td>\n                     <td>";
            if ($cve_id == "") {
                echo "-";
            } else {
                $listcves = explode(",", $cve_id);
                foreach ($listcves as $c) {
                    $c = trim($c);
                    $c = preg_replace("/cve\\s+/i", "CVE-", $c);
                    echo "<a href='http://www.cvedetails.com/cve/{$c}/' target='_blank'>{$c}</a><br>";
                }
            }
            echo "</td></tr>";
            $result->MoveNext();
            $color++;
        }
        echo '</table>';
        $istatus = $next > 0 ? '' : 'disabled="disabled"';
        $dstatus = $previous > 0 ? '' : 'disabled="disabled"';
        echo '<input type="submit" name="increment" value="' . _("Next >") . '" class="av_b_transparent fright" ' . $istatus . '>';
        echo '<input type="submit" name="decrement" value="' . _("< Previous") . '" class="av_b_transparent fright"' . $dstatus . '>';
        echo "</form>";
    } else {
        echo "<div class=\"center\"><a href=\"threats-db.php?start_date={$start_date}&end_date={$end_date}&kw={$kw}&risk={$risk}&scve={$cve}\">" . _("No results found, try to change the search parameters") . "</a></div>";
    }
    echo "</td></tr></table></center>";
}
Пример #2
0
function reportsummary()
{
    //GENERATE REPORT SUMMARY
    global $user, $border, $report_id, $scantime, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $pluginid;
    global $treport, $sid, $ipl;
    $tz = Util::get_timezone();
    $htmlsummary = '';
    $user_filter = $user != '' ? "AND t1.username in ({$user})" : "";
    $query = "SELECT t2.id, t1.username, t1.name as job_name, t2.name as profile_name, t2.description \n                    FROM vuln_jobs t1\n                    LEFT JOIN vuln_nessus_settings t2 on t1.meth_VSET=t2.id\n                    WHERE t1.report_id in ({$report_id}) {$user_filter}\n                    order by t1.SCAN_END DESC";
    $result = $dbconn->execute($query);
    $id_profile = $result->fields['id'];
    $query_uid = $result->fields['username'];
    $job_name = $result->fields['jobname'];
    $profile_name = $result->fields['profile_name'];
    $profile_desc = $result->fields['description'];
    if ($job_name == '') {
        // imported report
        $query_imported_report = "SELECT name FROM vuln_nessus_reports WHERE scantime='{$scantime}'";
        $result_imported_report = $dbconn->execute($query_imported_report);
        $job_name = $result_imported_report->fields["name"];
    }
    if ($tz == 0) {
        $localtime = gen_strtotime($scantime, "");
    } else {
        $localtime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($scantime) + 3600 * $tz);
    }
    $htmlsummary .= "<table border=\"5\" width=\"900\" style=\"margin: 9px 0px 0px 0px;\"><tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n         \n         <b>" . _("Scan time") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:9px;\">" . $localtime . "&nbsp;&nbsp;&nbsp;</td>";
    //Generated date
    $gendate = gmdate("Y-m-d H:i:s", gmdate("U") + 3600 * $tz);
    $htmlsummary .= "<th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n         <b>" . _("Generated") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$gendate}</td></tr>";
    $htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n                <b>" . _("Profile") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">";
    $htmlsummary .= "{$profile_name} - {$profile_desc}&nbsp;&nbsp;&nbsp;</td>\n                <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n                <b>" . _("Job Name") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$job_name}</td></tr>";
    $htmlsummary .= "</table>";
    return "<center>" . $htmlsummary . "</center>";
}
Пример #3
0
function search($page, $kw, $cve, $family, $risk, $start_date, $end_date)
{
    global $dbconn;
    $Limit = 20;
    $risks = array("1" => _("Info"), "2" => _("Low"), "3" => _("Medium"), "6" => _("High"), "7" => _("Serious"));
    $query = "SELECT name FROM vuln_nessus_family WHERE id={$family}";
    $result = $dbconn->execute($query);
    list($family_name) = $result->fields;
    if ($kw == "") {
        $txt_kw = "All";
    } else {
        $txt_kw = $kw;
    }
    if ($cve == "") {
        $txt_cve = "All";
    } else {
        $txt_cve = $cve;
    }
    if ($family_name == "") {
        $txt_family = "All";
    } else {
        $txt_family = $family_name;
    }
    if ($risk == "") {
        $txt_risk = "All";
    } else {
        $txt_risk = $risks[$risk];
    }
    if ($start_date == "") {
        $txt_start_date = "All";
    } else {
        $txt_start_date = $start_date;
    }
    if ($end_date == "") {
        $txt_end_date = "All";
    } else {
        $txt_end_date = $end_date;
    }
    echo "<center><table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"800\" class=\"noborder\">";
    echo "<tr class=\"noborder\" style=\"background-color:white\"><td class=\"headerpr\">";
    echo "    <table width=\"100%\" class=\"noborder\" style=\"background-color:transparent\">";
    echo "        <tr class=\"noborder\" style=\"background-color:transparent\"><td width=\"20\" class=\"noborder\">";
    echo "        <a href=\"threats-db.php?start_date={$start_date}&end_date={$end_date}&kw={$kw}&risk={$risk}&scve={$cve}\"><img src=\"./images/back.png\" border=\"0\" alt=\"" . _("Back") . "\" title=\"" . _("Back") . "\"></a>";
    echo "        </td><td width=\"780\">";
    echo "        </font>";
    echo "        " . _("Search results for this criteria") . "</td></tr>";
    echo "    </table>";
    echo "</td></tr>";
    echo "</table>";
    echo '
<table cellpadding="0" cellspacing="0" align="center" width="800">
     <tr><td height="50" class="nobborder">
     <table cellpadding="0" cellspacing="2" align="center" width="95%">
          <tr><th>' . gettext("Start Date") . '</th><th>' . gettext("End Date") . '</th><th>' . gettext("Keywords") . '</th><th>' . gettext("CVE Id") . '</th><th>' . gettext("Family") . '</th><th>' . gettext("Risk Factor") . '</th></tr>
          <tr>
          <td class="nobborder" style="text-align:center;">' . $txt_start_date . '</td>
          <td class="nobborder" style="text-align:center;">' . $txt_end_date . '</td>
          <td class="nobborder" style="text-align:center;">' . html_entity_decode($txt_kw) . '</td>
          <td class="nobborder" style="text-align:center;">' . $txt_cve . '</td>
          <td class="nobborder" style="text-align:center;">' . $txt_family . '</td>
          <td class="nobborder" style="text-align:center;">' . $txt_risk . '</td>
          </tr>
     </table>
     </td></tr>
     <tr><td class="nobborder" style="text-align:center;padding-bottom:10px;">

';
    $query_filter = "";
    if ($kw != "") {
        $query_filter .= "AND ( t1.summary LIKE '%{$kw}%' OR t1.cve_id LIKE '%{$kw}%' OR t2.name LIKE '%{$kw}%' OR CONCAT(t2.name, ' - ', t1.summary) LIKE '%{$kw}%' )";
    }
    if ($cve != "") {
        $query_filter .= "AND ( t1.cve_id LIKE '%{$cve}%' )";
    }
    if ($family != "") {
        $query_filter .= "AND t1.family = '{$family}'";
    }
    if ($risk != "") {
        $query_filter .= "AND t1.risk = '{$risk}'";
    }
    if ($start_date != "") {
        $query_filter .= " AND CONVERT(t1.created,UNSIGNED) >= " . str_replace("-", "", $start_date) . "000000";
    }
    if ($end_date != "") {
        $query_filter .= " AND CONVERT(t1.created,UNSIGNED) <= " . str_replace("-", "", $end_date) . "235959";
    }
    $query_filter = ltrim($query_filter, "AND ");
    if ($query_filter == "") {
        $query_filter = "1";
    }
    $query_filter = "WHERE {$query_filter}";
    if (!preg_match("/t2/", $query_filter)) {
        $query = "SELECT count( t1.id ) FROM vuln_nessus_plugins t1 {$query_filter}";
    } else {
        $query = "SELECT count( t1.id ) FROM vuln_nessus_plugins t1 LEFT JOIN vuln_nessus_family t2 ON t1.family = t2.id {$query_filter}";
    }
    $result = $dbconn->execute($query);
    list($numrec) = $result->fields;
    if ($numrec > 0) {
        $numpages = intval($numrec / $Limit);
    } else {
        $numpages = 1;
    }
    if ($numrec % $Limit) {
        $numpages++;
    }
    // add one page if remainder
    if ($page > 0) {
        $previous = $page - 1;
    } else {
        $previous = -1;
    }
    if ($numpages > $page) {
        $next = $page + 1;
    } else {
        $next = -1;
    }
    $offset = ($page - 1) * $Limit;
    $query = "SELECT t1.cve_id, t1.id, t1.risk, t1.created, t2.name, t1.summary \n          FROM vuln_nessus_plugins t1 LEFT JOIN vuln_nessus_family t2 on t1.family=t2.id\n          {$query_filter} LIMIT {$offset},{$Limit}";
    //echo "query=$query<br>";
    $result = $dbconn->execute($query);
    if (!$result->EOF) {
        echo <<<EOT
        <form action="threats-db.php" method="post">
        <INPUT TYPE=HIDDEN NAME="disp" VALUE="search">
        <INPUT TYPE=HIDDEN NAME="page" VALUE="{$page}">
        <INPUT TYPE=HIDDEN NAME="kw" VALUE="{$kw}">
        <INPUT TYPE=HIDDEN NAME="family" VALUE="{$family}">
        <INPUT TYPE=HIDDEN NAME="risk" VALUE="{$risk}">
        <INPUT TYPE=HIDDEN NAME="start_date" VALUE="{$start_date}">
        <INPUT TYPE=HIDDEN NAME="end_date" VALUE="{$end_date}">
        <INPUT TYPE=HIDDEN NAME="cve" VALUE="{$cve}">

        <table id="results-table" class="tabular" cellpadding="2" cellspacing="2" width="95%" align="center">
EOT;
        echo "<thead><tr><th sort:format=\"int\" align=\"center\">" . gettext("ID") . "</th>";
        echo "<th sort:format=\"int\" align=\"center\">" . gettext("Risk") . "</th>";
        echo "<th sort:format=\"int\" align=\"center\">" . gettext("Defined On") . "</th>";
        echo "<th sort:format=\"str\" align=\"left\">" . gettext("Threat Family &amp; Summary") . "</th>";
        echo "<th>" . gettext("CVE Id") . "</th>";
        echo "</tr></thead>";
        while (!$result->EOF) {
            list($cve_id, $pid, $prisk, $pcreated, $pfamily, $psummary) = $result->fields;
            //<a href=\"lookup.php?id=$pid\" atest=\"ids\">$pid</a>
            $dt_pcreated = gen_strtotime($pcreated, "");
            echo "<tr>\n                   <td sort:by=\"18606\" align=\"center\" valign=\"top\">\n                       <a href='javascript:;' lid='" . $pid . "' class='scriptinfo'>" . $pid . "</a>\n                  </td>\n                     <td sort:by=\"4\" align=\"center\" valign=\"top\">\n                       <img src=\"./images/risk" . $prisk . ".gif\" style=\"width: 25px; height: 10px; border: 1px solid\" />\n                     </td>\n                     <td sort:by=\"1120546800\" align=\"center\" valign=\"top\">\n                       {$dt_pcreated}\n                     </td>\n                     <td style=\"text-align:left;\" sort:by=\"Gentoo Local Checks\" valign=\"top\">\n                         <strong>{$pfamily}</strong> - {$psummary}\n                     </td>\n                     <td>";
            if ($cve_id == "") {
                echo "-";
            } else {
                $listcves = explode(",", $cve_id);
                foreach ($listcves as $c) {
                    $c = trim($c);
                    echo "<a href='http://www.cvedetails.com/cve/{$c}/' target='_blank'>{$c}</a><br>";
                }
            }
            echo "</td></tr>";
            $result->MoveNext();
        }
        if ($previous > 0 || $next > 0) {
            echo "<tr><td class=\"nobborder\" style=\"text-align:center;\" colSpan=\"12\" height=\"18\">";
            if ($previous > 0) {
                echo "<input type=\"submit\" name=\"increment\" value=\"" . gettext("Previous") . "\" class=\"button\">&nbsp;&nbsp;&nbsp;";
            }
            if ($next > 0) {
                echo "<input type=\"submit\" name=\"increment\" value=\"" . gettext("Next") . "\" class=\"button\">";
            }
            echo "</td></tr></table></form>";
        }
    } else {
        echo "<a href=\"threats-db.php?start_date={$start_date}&end_date={$end_date}&kw={$kw}&risk={$risk}&scve={$cve}\"><b>" . _("No results found, try to change the search parameters") . "</b></a>";
    }
    echo "</td></tr></table></center>";
}
Пример #4
0
function submit_scan($op, $sched_id, $sname, $notify_email, $schedule_type, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $dayofweek, $dayofmonth, $timeout, $SVRid, $sid, $tarSel, $ip_list, $ip_exceptions_list, $ip_start, $ip_end, $named_list, $cidr, $subnet, $system, $cred_type, $credid, $acc, $domain, $accpass, $acctype, $passtype, $passstore, $wpolicies, $wfpolicies, $upolicies, $custadd_type, $cust_plugins, $is_enabled, $hosts_alive, $scan_locally, $nthweekday, $semail, $not_resolve)
{
    global $wdaysMap, $daysMap, $allowscan, $uroles, $username, $schedOptions, $adminmail, $mailfrom, $dbk, $dbconn;
    require_once "classes/Util.inc";
    $tz = Util::get_timezone();
    if (empty($ROYEAR)) {
        $ROYEAR = gmdate("Y");
    }
    if (empty($ROMONTH)) {
        $ROMONTH = gmdate("m");
    }
    if (empty($ROday)) {
        $ROday = gmdate("d");
    }
    list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz);
    $ROYEAR = $_y;
    $ROMONTH = $_m;
    $ROday = $_d;
    $time_hour = $_h;
    $time_min = $_u;
    if ($not_resolve == "1") {
        $resolve_names = 0;
    } else {
        $resolve_names = 1;
    }
    $notify_email = str_replace(";", ",", $notify_email);
    $requested_run = "";
    $jobType = "M";
    $recurring = False;
    $targets = array();
    $time_value = "";
    $profile_desc = getProfileName($sid);
    $target_list = "";
    $need_authorized = "";
    $request = "";
    $plugs_list = "NULL";
    $fk_name = "NULL";
    $target_list = "NULL";
    $tmp_target_list = "";
    $jobs_names = array();
    $sjobs_names = array();
    //$I3crID = getCredentialId ( $cred_type, $passstore, $credid, $acc, $domain, $accpass, $acctype, $passtype );
    $I3crID = "";
    if ($hosts_alive == "1") {
        // option: Only scan hosts that are alive
        $I3crID = "1";
    } else {
        $I3crID = "0";
    }
    if ($custadd_type == "") {
        $custadd_type = "N";
    }
    if ($custadd_type != "N" && $cust_plugins != "") {
        $plugs_list = "";
        $vals = preg_split("/\\s+|\r\n|,|;/", $cust_plugins);
        foreach ($vals as $v) {
            $v = trim($v);
            if (strlen($v) > 0) {
                $plugs_list .= $v . "\n";
            }
        }
        $plugs_list = "'" . $plugs_list . "'";
    }
    /*     echo <<<EOT
         <h3>Job Details:</h3>
         <center>
         <table>
         <tr><th align="right">Job Name</th><td>$sname</td></tr>
         <tr><th align="right">Notify</th><td>$notify_email</td></tr>
         <tr><th align="right">Timeout</th><td>$timeout</td></tr>
         <tr><th align="right">Profile</th><td>$profile_desc</td></tr>
         <tr><th></th><td>&nbsp;</td></tr>
         <tr><th align="right">Schedule Info</th><td>&nbsp;</td></tr>
    EOT;*/
    //$arrTime = localtime((int)gmdate('U'), true);
    $arrTime = explode(":", gmdate('Y:m:d:w:H:i:s'));
    $year = $arrTime[0];
    $mon = $arrTime[1];
    $mday = $arrTime[2];
    $wday = $arrTime[3];
    $hour = $arrTime[4];
    $min = $arrTime[5];
    $sec = $arrTime[6];
    $timenow = $hour . $min . $sec;
    if ($time_hour) {
        $hour = $time_hour;
    }
    if ($time_min) {
        $min = $time_min;
    }
    #echo "hour=$hour<br>";
    #$hour = $hour - $tz_offset;
    #echo "offset=$tz_offset<br>hour=$hour<br>";
    #if ( $hour < "0" ) { echo "change 1<br>"; $hour = $hour + 24; }
    #if ( $hour >= "24" ) { echo "change 2<br>"; $hour = $hour - 24; }
    #echo "hour_changed=$hour<br>";
    $run_wday = $wdaysMap[$dayofweek];
    #echo "run_day=$run_wday<br>dayofweek=$dayofweek<br>";
    $run_time = sprintf("%02d%02d%02d", $time_hour, $time_min, "00");
    $run_mday = $dayofmonth;
    $time_value = "{$time_hour}:{$time_min}:00";
    //echo "schedule_type: ".$schedule_type;
    //echo "$run_time : $timenow\n"; exit();
    $ndays = array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday");
    switch ($schedule_type) {
        case "N":
            $requested_run = gmdate("YmdHis");
            $sched_message = "No reccurring Jobs Necessary";
            break;
        case "O":
            $requested_run = sprintf("%04d%02d%02d%06d", $ROYEAR, $ROMONTH, $ROday, $run_time);
            $sched_message = "No reccurring Jobs Necessary";
            //var_dump($schedule_type);
            $recurring = True;
            $reccur_type = "Run Once";
            break;
        case "D":
            if ($run_time > $timenow) {
                $next_day = $year . $mon . $mday;
            } else {
                $next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U")));
            }
            // next day
            $requested_run = sprintf("%08d%06d", $next_day, $run_time);
            $recurring = True;
            $sched_message = "Schedule Reccurring";
            $reccur_type = "Daily";
            break;
        case "W":
            if ($run_wday == $wday && $run_time > $timenow) {
                $next_day = $year . $mon . $mday;
            } else {
                $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U")));
            }
            // next week
            $requested_run = sprintf("%08d%06d", $next_day, $run_time);
            $recurring = True;
            $sched_message = "Schedule Reccurring";
            $reccur_type = "Weekly";
            break;
        case "M":
            if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) {
                $next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday;
                // this month
                #echo "date selected is in the future<br>";
            } else {
                $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday);
                #$next_day = gmdate("Ymd", mktime(0, 0, 0, date("m")+1, $run_mday, date("y"))); // next month
                #echo "date selected is in the past<br>";
            }
            #echo "run_mday=$run_mday mday=$mday rtime=$run_time now=$timenow next_day=$next_day<br>";
            $requested_run = sprintf("%08d%06d", $next_day, $run_time);
            $recurring = True;
            $sched_message = "Schedule Reccurring";
            $reccur_type = "Montly";
            break;
        case "NW":
            $dayweektonum = array("Mo" => 1, "Tu" => 2, "We" => 3, "Th" => 4, "Fr" => 5, "Sa" => 6, "Su" => 7);
            $next_day = nthweekdaymonth($year, gmdate("n"), 1, $dayweektonum[$dayofweek], $nthweekday);
            $requested_run = sprintf("%08d%06d", $next_day, $run_time);
            $dayofmonth = $nthweekday;
            $recurring = True;
            $sched_message = "Schedule Reccurring";
            $reccur_type = "Nth weekday of the month";
            break;
        default:
            break;
    }
    //if ( $schedule_type != "N" ){
    //$requested_run  = switchTime_TimeZone( $requested_run, "server" );
    //}
    /*     echo <<<EOT
    
         <tr><th align="right">Type</th><td>$schedOptions[$schedule_type]</td></tr>
         <tr><th align="right">First Occurrence</th><td>$requested_run</td></tr>
         <tr><th align="right">Recurring</th><td>$sched_message</td></tr>
         <tr><th align="right">&nbsp;</th><td></td></tr>
         <tr><th colspan="2">Target Selection</th></tr>
    EOT;*/
    switch ($tarSel) {
        case "1":
            #SINGLE
            $vals = preg_split("/\\s+|\r\n|;/", $ip_list);
            foreach ($vals as $v) {
                $v = trim($v);
                if (strlen($v) > 0) {
                    array_push($targets, $v);
                }
            }
            break;
        case "2":
            #IP RANGE
            if ($ip_start || $ip_end) {
                if ($ip_start && $ip_end) {
                    $targets = range2List($ip_start, $ip_end);
                } else {
                    //     echo "<tr><td colspan=2>incomplete target list</td></tr>";
                }
            }
            break;
        case "3":
            #NAMED TARGET
            $vals = preg_split("/\\s+|\n|,|;/", $named_list);
            foreach ($vals as $v) {
                $v = trim($v);
                if (strlen($v) > 0) {
                    $ip = gethostbyname($v);
                    if (strlen($ip) > 0) {
                        array_push($targets, $ip);
                    } else {
                        //     echo "<tr><td colspan=2>$v&nbsp;&nbsp;Name could not be resolved</td></tr>";
                    }
                }
            }
            break;
        case "4":
            #SUBNET
            array_push($targets, $cidr);
            break;
        case "5":
            if ($uroles['auditAll'] && $subnet == "ALL") {
                array_push($targets, "all_live_subnets");
            } else {
                array_push($targets, $subnet);
            }
            $fk_name = "'" . $subnet . "'";
            break;
        case "6":
            #$query = "SELECT isso_email, admin_sys, admin_dba, admin_network from vuln_systems WHERE acronym='$system'";
            #$result = $dbconn->Execute($query);
            #list( $isso_poc, $poc_sa, $poc_dba, $poc_network ) = $result->fields;
            $all_pocs = $isso_poc;
            if ($all_pocs != "" && $poc_sa != "") {
                $all_pocs .= ", {$poc_sa}";
            }
            if ($all_pocs != "" && $poc_dba != "") {
                $all_pocs .= ", {$poc_dba}";
            }
            if ($all_pocs != "" && $poc_network != "") {
                $all_pocs .= ", {$poc_network}";
            }
            $notify_email = $all_pocs;
            $fk_name = "'" . $system . "'";
            break;
        default:
            #INPUT FILE
            break;
    }
    if ($tarSel < "4") {
        foreach ($targets as $hostip) {
            if (!$allowscan && !inrange($hostip, $dbconn)) {
                $need_authorized .= $hostip . "\n";
            }
            $tmp_target_list .= $hostip . "\n";
            //echo "<tr><td colspan=2>$hostip</td></tr>";
        }
        if ($need_authorized != "") {
            //echo "<tr><th colspan=2><font color=red>NOT IN APPROVED ZONE</font></th></tr>";
            $html_needs_auth = str_replace("\n", "<br>", $need_authorized);
            //echo "<tr><td colspan=2>$html_needs_auth</td></tr>";
        }
    } elseif ($tarSel == "4") {
        $tmp_target_list = $cidr;
        //echo "<tr><td colspan=2>$cidr</td></tr>";
    } elseif ($tarSel == "6") {
        $jobType = "S";
        if ($recurring == True) {
            #$tmp_target_list="";
            #DO NOT PUT THE LIST OF IP'S IN UNTIL THE JOB STARTS FOR REOCCURING ( LIST MAY BE FREQUENT TO CHANGE )
        } else {
            /*$query = "SELECT hostip from vuln_systems t1
                         LEFT JOIN vuln_system_hosts t2 on t2.sysID = t1.id
                         WHERE t1.acronym='$system'";
                      $result = $dbconn->Execute($query);
            
                      while ( !$result->EOF ) {
                         list($hostip) = $result->fields;
                         if ( strlen($hostip)>0) {
                            $tmp_target_list .= "$hostip\n";
                            array_push($targets, $hostip );
                         }
                         $result->MoveNext();
                      }*/
        }
        //       echo "<tr><td colspan=2>$system</td></tr>";
    } else {
        $jobType = "C";
        $tmp_target_list = $subnet;
        //       echo "<tr><td colspan=2>$subnet</td></tr>";
    }
    if (!($tarSel == "6" && $recurring == True) && count($targets) == 0) {
        //      echo "<p><center><font color=red>Missing Host Selection or BAD LIST:$targets[0]<br><br></font>"
        //         ."[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center></p>";
        //logAccess( "USER $username Fubared: Missing Host Selection or BAD LIST:$targets[0]" );
        require_once "footer.php";
        exit;
    } elseif (!$sname) {
        //      echo "<p><center><font color=red>Missing or BAD SNAME:[$sname]<br><br></font>"
        //         ."[ <a href=\"javascript:history.go(-1)\">Go Back</a> ]</center></p>";
        //logAccess( "USER $username Fubared something on job name [$sname]" );
        require_once "footer.php";
        exit;
    }
    if ($subnet == "" or $subnet == "0") {
        $subnet = "Null";
    } else {
        $subnet = "'{$subnet}'";
    }
    if ($SVRid == "" or $SVRid == "Null") {
        $SVRid = "Null";
    } else {
        $SVRid = "'{$SVRid}'";
    }
    if ($tmp_target_list != "") {
        $target_list = "'" . $tmp_target_list . "'";
    }
    $arrChecks = array("w" => $wpolicies, "f" => $wfpolicies, "u" => $upolicies);
    $arrAudits = array('w', 'f', 'u');
    foreach ($arrChecks as $check => $policydata) {
        $i = 1;
        $audit_data = "";
        if ($policydata) {
            if ($i <= 5) {
                foreach ($policydata as $policy) {
                    $audit_data .= "{$policy}\n";
                    $i++;
                }
            }
        }
        if ($audit_data != "") {
            $arrAudits[$check] = "'{$audit_data}'";
        } else {
            $arrAudits[$check] = "NULL";
        }
    }
    $insert_time = gmdate("YmdHis");
    //   if ( $need_authorized != "" || !($uroles['nessus']) ) {
    //      $jobType="R";  #REQUEST JOB
    //      #DO not wrap $subnet / $SVRid with ticks '' as 'Null' is not Null
    //      $query = "INSERT INTO vuln_jobs ( name, fk_name, username, job_TYPE, meth_SCHED, meth_TARGET, meth_CRED,
    //          meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, scan_SUBMIT,
    //          scan_next, scan_PRIORITY, status, notify ) VALUES ( '$sname', $fk_name, '$username', '$jobType', '$schedule_type', $target_list, $I3crID,
    //          '$sid', '$custadd_type', $plugs_list, $arrAudits[w], $arrAudits[f], $arrAudits[u], '$timeout', $SVRid, '$insert_time',
    //          '$requested_run', '3' , 'H', '$notify_email' )";
    //      $request = "for Approval";
    //      $subject = "Scan request [$sname]";
    //      $message = "HELLO SOC TEAM, \tThe following User [ $username ] has requested a scan against:\n"
    //         ." $target_list\n\nPlease Promptly Accept/Reject the request!"
    //         ."Thank You\n\nThe SOC TEAM!\n";
    // mail($adminmail, $subject, $message, "From: $mailfrom\nX-Mailer: PHP/" . phpversion());
    //   echo "needs authorization<br>";
    //logAccess( "USER $username Submitted Scan Request [$sname]" );
    // } else {
    require_once "classes/Host_sensor_reference.inc";
    require_once "classes/Net_sensor_reference.inc";
    require_once "classes/Net.inc";
    require_once "classes/Scan.inc";
    require_once "classes/Sensor.inc";
    //Check Permissions
    $allowed = array();
    $notallowed = array();
    $ftargets = explode("\\r\\n", $target_list);
    foreach ($ftargets as $ftarget) {
        $ftarget = preg_replace("/\r|\n|\t|\\s|\\'/", "", $ftarget);
        $unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $ftarget) && $not_resolve ? true : false;
        if (preg_match("/\\//", $ftarget) && Session::netAllowed($dbconn, Net::get_name_by_ip($dbconn, $ftarget))) {
            //, $username
            $allowed[] = $ftarget;
        } else {
            if (Session::hostAllowed($dbconn, $ftarget) || $unresolved) {
                // , $username
                $allowed[] = $ftarget;
            } else {
                $notallowed[] = $ftarget;
            }
        }
    }
    if (count($allowed) > 0) {
        $forced_server = "";
        $all_sensors = array();
        $sensor_list = Sensor::get_all($dbconn, "", false);
        foreach ($sensor_list as $s) {
            $all_sensors[$s->get_ip()] = $s->get_name();
        }
        // force scanner
        if ($SVRid != "Null") {
            $query = "SELECT hostname FROM vuln_nessus_servers WHERE id={$SVRid}";
            $result = $dbconn->execute($query);
            list($forced_server) = $result->fields;
        } elseif ($not_resolve) {
            $result = $dbconn->Execute("SELECT name,hostname FROM vuln_nessus_servers WHERE enabled=1");
            while (!$result->EOF) {
                list($name, $hostname) = $result->fields;
                if (Session::sensorAllowed($hostname)) {
                    $all_sensors[$hostname] = $name;
                }
                $result->MoveNext();
            }
        }
        // remote nmap
        $rscan = new RemoteScan("", "");
        if ($rscan->available_scan()) {
            $reports = $rscan->get_scans();
            $ids = is_array($reports) ? array_keys($reports) : array();
        } else {
            $ids = array();
        }
        //if ($forced_server!="") $ids = array_merge(array($forced_server),$ids);
        //$tsjobs = explode("\\r\\n", $target_list);
        $sgr = array();
        $unables = array();
        $tsjobs = $allowed;
        foreach ($tsjobs as $tjobs) {
            $tjobs = preg_replace("/\r|\n|\t|\\s|\\'/", "", $tjobs);
            $unresolved = !preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $tjobs) && $not_resolve ? true : false;
            if (preg_match("/\\//", $tjobs)) {
                $sensor = Net_sensor_reference::get_list_array($dbconn, $tjobs);
            } else {
                $sensor = Host_sensor_reference::get_list_array($dbconn, $tjobs);
            }
            if ($forced_server != "") {
                $sensor = array_merge(array($forced_server), $sensor);
            }
            if ($unresolved || Session::am_i_admin() && count($sensor) == 0 && $forced_server == "") {
                if ($unresolved) {
                    foreach ($all_sensors as $sip => $unused) {
                        $sensor[] = $sip;
                    }
                } else {
                    $local_ip = `grep framework_ip /etc/ossim/ossim_setup.conf | cut -f 2 -d "="`;
                    $local_ip = trim($local_ip);
                    $results = $dbconn->Execute("SELECT name FROM vuln_nessus_servers WHERE hostname like '{$local_ip}'");
                    if ($results->fields["name"] != "") {
                        $sensor[] = $local_ip;
                    }
                }
            }
            // reorder sensors with load
            if ($forced_server != "") {
                $sensor = Sensor::reorder_sensors($dbconn, $sensor);
            }
            // select best sensor with available nmap and vulnmeter
            $selected = array();
            foreach ($sensor as $sen) {
                $properties = Sensor::get_properties($dbconn, $sen);
                $withnmap = in_array($all_sensors[$sen], $ids) || !$hosts_alive || $unresolved;
                //echo "$sen:".$all_sensors[$sen].":$withnmap || $scan_locally:".$properties["has_vuln_scanner"]." || $SVRid:$forced_server<br>\n";
                if ((Session::sensorAllowed($sen) || $forced_server != "") && ($withnmap || $scan_locally) && ($properties["has_vuln_scanner"] || $forced_server != "")) {
                    //$selected = ($SVRid!="Null" && $all_sensors[$sen]!="") ? $all_sensors[$sen] : $sen;
                    //echo "sel:$selected<br>\n";
                    //break;
                    $selected[] = $forced_server != "" ? $forced_server : $sen;
                }
            }
            if (count($selected) > 0) {
                $sgr[implode(",", array_unique($selected))][] = $tjobs;
            } else {
                $unables[] = $tjobs;
            }
        }
        $query = array();
        /*    if($tz!=0) {
                  list ($y,$m,$d,$h,$u,$s,$time) = Util::get_utc_from_date($dbconn, $requested_run, $tz);
                  $requested_run = $y.$m.$d.$h.$u.$s;
              }*/
        if ($op == "editrecurring" && $sched_id > 0) {
            $query[] = "DELETE FROM vuln_job_schedule WHERE id='{$sched_id}'";
            $i = 1;
            foreach ($sgr as $notify_sensor => $targets) {
                $target_list = implode("\n", $targets);
                $target_list .= "\n" . implode("\n", $ip_exceptions_list);
                $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n                            time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, \n                            meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names ) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n                            '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n                            {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$arrAudits['w']}, {$semail}, '{$scan_locally}',\n                            '{$timeout}', {$SVRid}, '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ) ";
                $sjobs_names[] = $sname . $i;
                $i++;
            }
        } elseif ($recurring) {
            $i = 1;
            foreach ($sgr as $notify_sensor => $targets) {
                $target_list = implode("\n", $targets);
                $target_list .= "\n" . implode("\n", $ip_exceptions_list);
                $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n                                time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, \n                                meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names ) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n                                '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n                                {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$arrAudits['w']}, {$semail}, '{$scan_locally}',\n                                '{$timeout}', {$SVRid}, '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ) ";
                $sjobs_names[] = $sname . $i;
                $i++;
            }
        } else {
            $i = 1;
            foreach ($sgr as $notify_sensor => $targets) {
                $target_list = implode("\n", $targets);
                $target_list .= "\n" . implode("\n", $ip_exceptions_list);
                $query[] = "INSERT INTO vuln_jobs ( name, username, fk_name, job_TYPE, meth_SCHED, meth_TARGET,  meth_CRED,\n                        meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wcheck, meth_Wfile, meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED,\n                        scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names ) VALUES ( '{$sname}',\n                        '{$username}', '" . Session::get_session_user() . "', '{$jobType}', '{$schedule_type}', '{$target_list}', {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list},\n                        {$arrAudits['w']}, {$semail}, {$arrAudits['u']}, '{$timeout}', {$SVRid}, '{$insert_time}', '{$requested_run}', '3',\n                        'S', '{$notify_sensor}', '{$scan_locally}', 'ACL', '{$resolve_names}' ) ";
                $jobs_names[] = $sname . $i;
                $i++;
            }
        }
        $query_insert_time = gen_strtotime($insert_time, "");
        foreach ($query as $sql) {
            $error_updating = false;
            $error_inserting = false;
            $sql = str_replace(", ',", ", '',", str_replace("''", "'", $sql));
            if ($dbconn->execute($sql) === false) {
                echo _("Error creating scan job") . ": " . $dbconn->ErrorMsg();
                if ($op == "editrecurring") {
                    $error_updating = true;
                } else {
                    $error_creating = true;
                }
            } else {
                if ($op == "editrecurring" && !$error_updating) {
                    echo "<br><center>" . _("Successfully Updated Recurring Job") . "</center>";
                    if (count($notallowed) == 0 && count($unables) == 0) {
                        ?>
<script type="text/javascript">
                        //<![CDATA[
                        document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'; 
                        //]]>
                        </script><?php 
                    }
                    //logAccess( "Updated Recurring Job [ $jid ]" );
                } elseif (!$error_creating) {
                    echo "<br><center>" . _("Successfully Submitted Job") . " {$request}</center>";
                    //logAccess( "Submitted Job [ $jid ] $request" );
                    foreach ($jobs_names as $job_name) {
                        $infolog = array($job_name);
                        Log_action::log(66, $infolog);
                    }
                    foreach ($sjobs_names as $job_name) {
                        $infolog = array($job_name);
                        Log_action::log(67, $infolog);
                    }
                    if (count($notallowed) == 0 && count($unables) == 0) {
                        ?>
<script type="text/javascript">
                        //<![CDATA[
                        document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs';
                        //]]>
                        </script><?php 
                    }
                } else {
                    echo "<br><center>" . _("Failed Job Creation") . "</center>";
                    //logAccess( "Failed Job Creation" );
                    if (count($notallowed) == 0 && count($unables) == 0) {
                        ?>
<script type="text/javascript">
                        //<![CDATA[
                        document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs';
                        //]]>
                        </script><?php 
                    }
                }
            }
        }
    }
    //end count($alowed)>0
    if (count($notallowed) > 0 || count($unables) > 0) {
        echo "<center>";
        echo "<table class=\"noborder\" width=\"400\" style=\"background-color:transparent;\">";
        echo "<tr><td class=\"nobborder\" style=\"text-align:left;\"><b>" . _("Errors Found") . ":</b></td></tr>";
        if (count($notallowed) > 0) {
            if (!preg_match("/^\\d+\$/", $username)) {
                echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("User") . " <b>{$username}</b> " . _("is not allowed for the following targets") . ":</td></tr>";
            } else {
                $entity_query = "SELECT name FROM acl_entities WHERE id={$username}";
                $result = $dbconn->execute($entity_query);
                list($username) = $result->fields;
                echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("Entiy") . " <b>{$username}</b> " . _("is not allowed for the following targets") . ":</td></tr>";
            }
            foreach ($notallowed as $target) {
                echo "<tr><td class=\"nobborder\" style=\"text-align:left;padding-left:5px;\">- <b>{$target}</b></tr>";
            }
            echo "<tr height=\"30\"><td class=\"nobborder\">&nbsp;</td></tr>";
        }
        if (count($unables) > 0) {
            echo "<tr><td class=\"nobborder\" style=\"text-align:left;\">" . _("No remote vulnerability scanners available for the following targets") . ":</td></tr>";
            foreach ($unables as $target) {
                echo "<tr><td class=\"nobborder\" style=\"text-align:left;padding-left:5px;\">- <b>{$target}</b></tr>";
            }
            echo "<tr height=\"30\"><td class=\"nobborder\">&nbsp;</td></tr>";
        }
        echo "<tr><td class=\"nobborder\" style=\"text-align:center;\">";
        echo "<form action=\"sched.php\" method=\"post\">";
        ?>
              <input type="hidden" name="sname" value="<?php 
        echo $sname;
        ?>
"/>
              <?php 
        $SVRid = str_replace("'", "", $SVRid);
        ?>
              <input type="hidden" name="SVRid" value="<?php 
        echo $SVRid;
        ?>
"/>
              <input type="hidden" name="sid" value="<?php 
        echo $sid;
        ?>
"/>
              <input type="hidden" name="timeout" value="<?php 
        echo $timeout;
        ?>
"/>
              <input type="hidden" name="schedule_type" value="<?php 
        echo $schedule_type;
        ?>
"/>
              <input type="hidden" name="ROYEAR" value="<?php 
        echo $ROYEAR;
        ?>
"/>
              <input type="hidden" name="ROMONTH" value="<?php 
        echo $ROMONTH;
        ?>
"/>
              <input type="hidden" name="ROday" value="<?php 
        echo $ROday;
        ?>
"/>
              <input type="hidden" name="time_hour" value="<?php 
        echo $time_hour;
        ?>
"/>
              <input type="hidden" name="time_min" value="<?php 
        echo $time_min;
        ?>
"/>
              <input type="hidden" name="dayofweek" value="<?php 
        echo $dayofweek;
        ?>
"/>
              <input type="hidden" name="nthweekday" value="<?php 
        echo $nthweekday;
        ?>
"/>
              <input type="hidden" name="dayofmonth" value="<?php 
        echo $dayofmonth;
        ?>
"/>
              <input type="hidden" name="ip_list" value="<?php 
        echo str_replace("\\r\\n", ";;", $ip_list);
        ?>
"/>
              <?php 
        if (is_numeric($username)) {
            ?>
                <input type="hidden" name="entity" value="<?php 
            echo $username;
            ?>
"/>
              <?php 
        } else {
            ?>
                <input type="hidden" name="user" value="<?php 
            echo $username;
            ?>
"/>
              <?php 
        }
        ?>
              <input type="hidden" name="hosts_alive" value="<?php 
        echo $hosts_alive;
        ?>
"/>
              <input type="hidden" name="scan_locally" value="<?php 
        echo $scan_locally;
        ?>
"/> 
              <input type="hidden" name="semail" value="<?php 
        echo $semail;
        ?>
"/>
              <input type="hidden" name="not_resolve" value="<?php 
        echo $not_resolve;
        ?>
"/>
        <?php 
        echo "<input type=\"submit\" value=\"" . _("Back") . "\" class=\"button\"/> &nbsp; ";
        echo "<input value=\"" . _("Continue") . "\" class=\"button\" type=\"button\" onclick=\"document.location.href='manage_jobs.php?hmenu=Vulnerabilities&smenu=Jobs'\"></form>";
        echo "</td></tr>";
        echo "</table>";
        echo "</center>";
    }
    echo "</b></center>";
}
Пример #5
0
function submit_scan($vuln_op, $sched_id, $sname, $notify_email, $schedule_type, $ROYEAR, $ROMONTH, $ROday, $time_hour, $time_min, $dayofweek, $dayofmonth, $timeout, $SVRid, $sid, $tarSel, $ip_list, $ip_exceptions_list, $ip_start, $ip_end, $named_list, $cidr, $subnet, $system, $cred_type, $credid, $acc, $domain, $accpass, $acctype, $passtype, $passstore, $wpolicies, $wfpolicies, $upolicies, $custadd_type, $cust_plugins, $is_enabled, $hosts_alive, $scan_locally, $nthweekday, $semail, $not_resolve, $time_interval, $biyear, $bimonth, $biday, $ssh_credential = "", $smb_credential = "")
{
    global $wdaysMap, $daysMap, $allowscan, $uroles, $username, $schedOptions, $adminmail, $mailfrom, $dbk, $dbconn;
    // credentials
    $credentials = $ssh_credential . "|" . $smb_credential;
    $btime_hour = $time_hour;
    // save local time
    $btime_min = $time_min;
    $bbiyear = $biyear;
    $bbimonth = $bimonth;
    $bbiday = $biday;
    $tz = Util::get_timezone();
    if ($schedule_type == "O") {
        // date and time for run once
        if (empty($ROYEAR)) {
            $ROYEAR = gmdate("Y");
        }
        if (empty($ROMONTH)) {
            $ROMONTH = gmdate("m");
        }
        if (empty($ROday)) {
            $ROday = gmdate("d");
        }
        list($_y, $_m, $_d, $_h, $_u, $_s, $_time) = Util::get_utc_from_date($dbconn, "{$ROYEAR}-{$ROMONTH}-{$ROday} {$time_hour}:{$time_min}:00", $tz);
        $ROYEAR = $_y;
        $ROMONTH = $_m;
        $ROday = $_d;
        $time_hour = $_h;
        $time_min = $_u;
    } else {
        if ($schedule_type == "D" || $schedule_type == "W" || $schedule_type == "M" || $schedule_type == "NW") {
            // date and time for Daily, Day of Week, Day of month, Nth weekday of month
            list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, "{$biyear}-{$bimonth}-{$biday} {$time_hour}:{$time_min}:00", $tz);
            $biyear = $b_y;
            $bimonth = $b_m;
            $biday = $b_d;
            $time_hour = $b_h;
            $time_min = $b_u;
        }
    }
    if ($not_resolve == "1") {
        $resolve_names = 0;
    } else {
        $resolve_names = 1;
    }
    $notify_email = str_replace(";", ",", $notify_email);
    $requested_run = "";
    $jobType = "M";
    $recurring = False;
    $targets = array();
    $time_value = "";
    $profile_desc = getProfileName($sid);
    $target_list = "";
    $need_authorized = "";
    $request = "";
    $plugs_list = "NULL";
    $fk_name = "NULL";
    $target_list = "NULL";
    $tmp_target_list = "";
    $jobs_names = array();
    $sjobs_names = array();
    $I3crID = "";
    if ($hosts_alive == "1") {
        // option: Only scan hosts that are alive
        $I3crID = "1";
    } else {
        $I3crID = "0";
    }
    // if ( $custadd_type == "" ) { $custadd_type = "N"; }
    // if ( $custadd_type != "N" && $cust_plugins != "" ) {
    // $plugs_list="";
    // $vals=preg_split( "/\s+|\r\n|,|;/", $cust_plugins );
    // foreach($vals as $v) {
    // $v=trim($v);
    // if ( strlen($v)>0 ) {
    // $plugs_list .= $v . "\n";
    // }
    // }
    // $plugs_list = "'".$plugs_list."'";
    // }
    if ($schedule_type != "N") {
        // current datetime in UTC
        $arrTime = explode(":", gmdate('Y:m:d:w:H:i:s'));
        $year = $arrTime[0];
        $mon = $arrTime[1];
        $mday = $arrTime[2];
        $wday = $arrTime[3];
        $hour = $arrTime[4];
        $min = $arrTime[5];
        $sec = $arrTime[6];
        $timenow = $hour . $min . $sec;
        $run_wday = $wdaysMap[$dayofweek];
        $run_time = sprintf("%02d%02d%02d", $time_hour, $time_min, "00");
        $run_mday = $dayofmonth;
        $time_value = "{$time_hour}:{$time_min}:00";
        $ndays = array("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday");
        $begin_in_seconds = mktime($bihour, $bimin, 0, $bimonth, $biday, $biyear);
        // selected datetime by user in UTC
        $current_in_seconds = mktime($hour, $min, 0, $mon, $mday, $year);
        // current datetime in UTC
        if (strlen($bimonth) == 1) {
            $bimonth = "0" . $bimonth;
        }
        if (strlen($biday) == 1) {
            $biday = "0" . $biday;
        }
    }
    switch ($schedule_type) {
        case "N":
            $requested_run = gmdate("YmdHis");
            $sched_message = "No reccurring Jobs Necessary";
            break;
        case "O":
            $requested_run = sprintf("%04d%02d%02d%06d", $ROYEAR, $ROMONTH, $ROday, $run_time);
            //error_log("O-> $requested_run\n" ,3,"/tmp/sched.log");
            $sched_message = "No reccurring Jobs Necessary";
            $recurring = True;
            $reccur_type = "Run Once";
            break;
        case "D":
            if ($begin_in_seconds > $current_in_seconds) {
                $next_day = $biyear . $bimonth . $biday;
                // selected date by user
            } else {
                if ($run_time > $timenow) {
                    $next_day = $year . $mon . $mday;
                } else {
                    $next_day = gmdate("Ymd", strtotime("+1 day GMT", gmdate("U")));
                }
                // next day
            }
            $requested_run = sprintf("%08d%06d", $next_day, $run_time);
            //error_log("D-> $requested_run\n" ,3,"/tmp/sched.log");
            $recurring = True;
            $sched_message = "Schedule Reccurring";
            $reccur_type = "Daily";
            break;
        case "W":
            if ($begin_in_seconds > $current_in_seconds) {
                // if it is a future date
                $wday = date("w", mktime(0, 0, 0, $bimonth, $biday, $biyear));
                // make week day for begin day
                if ($run_wday == $wday) {
                    $next_day = $biyear . $bimonth . $biday;
                    // selected date by user
                } else {
                    $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear)));
                }
            } else {
                if ($run_wday == $wday && $run_time > $timenow || $run_wday > $wday) {
                    $next_day = $year . $mon . $mday;
                } else {
                    $next_day = gmdate("Ymd", strtotime("next " . $ndays[$run_wday] . " GMT", gmdate("U")));
                }
                // next week
            }
            preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
            list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
            $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
            //error_log("W-> $requested_run\n" ,3,"/tmp/sched.log");
            $recurring = True;
            $sched_message = "Schedule Reccurring";
            $reccur_type = "Weekly";
            break;
        case "M":
            if ($begin_in_seconds > $current_in_seconds) {
                // if it is a future date
                if ($run_mday >= $biday) {
                    $next_day = $biyear . $bimonth . ($run_mday < 10 ? "0" : "") . $run_mday;
                    // this month
                } else {
                    $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", mktime(0, 0, 0, $bimonth, $biday, $biyear))), $run_mday);
                }
            } else {
                if ($run_mday > $mday || $run_mday == $mday && $run_time > $timenow) {
                    $next_day = $year . $mon . ($run_mday < 10 ? "0" : "") . $run_mday;
                    // this month
                } else {
                    $next_day = sprintf("%06d%02d", gmdate("Ym", strtotime("next month GMT", gmdate("U"))), $run_mday);
                }
            }
            preg_match("/(\\d{4})(\\d{2})(\\d{2})/", $next_day, $found);
            list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " {$btime_hour}:{$btime_min}:00", $tz);
            $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
            //error_log("M-> $requested_run $begin_in_seconds $current_in_seconds\n" ,3,"/tmp/sched.log");
            $recurring = True;
            $sched_message = "Schedule Reccurring";
            $reccur_type = "Montly";
            break;
        case "NW":
            if ($begin_in_seconds > $current_in_seconds) {
                // if it is a future date
                $array_time = array('month' => $bbimonth, 'day' => $bbiday, 'year' => $bbiyear);
                $requested_run = weekday_month(strtolower($daysMap[$dayofweek]), $nthweekday, $btime_hour, $btime_min, $array_time);
            } else {
                $requested_run = weekday_month(strtolower($daysMap[$dayofweek]), $nthweekday, $btime_hour, $btime_min);
            }
            preg_match("/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/", $requested_run, $found);
            list($b_y, $b_m, $b_d, $b_h, $b_u, $b_s, $b_time) = Util::get_utc_from_date($dbconn, $found[1] . "-" . $found[2] . "-" . $found[3] . " " . $found[4] . ":" . $found[5] . ":00", $tz);
            $requested_run = sprintf("%04d%02d%02d%02d%02d%02d", $b_y, $b_m, $b_d, $b_h, $b_u, "00");
            //error_log("NW-> $requested_run\n" ,3,"/tmp/sched.log");
            $dayofmonth = $nthweekday;
            $recurring = True;
            $sched_message = "Schedule Reccurring";
            $reccur_type = "Nth weekday of the month";
            break;
        default:
            break;
    }
    $insert_time = gmdate("YmdHis");
    if (!empty($_SESSION["_vuln_targets"]) && count($_SESSION["_vuln_targets"]) > 0) {
        $arr_ctx = array();
        $sgr = array();
        foreach ($_SESSION["_vuln_targets"] as $target_selected => $server_id) {
            $sgr[$server_id][] = $target_selected;
            if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\/\\d{1,2}\$/i", $target_selected)) {
                $related_ctxs = array_values(Asset_net::get_id_by_ips($dbconn, $target_selected));
                if (is_array($related_ctxs) && count($related_ctxs) > 0) {
                    $arr_ctx[$target_selected] = key(array_shift($related_ctxs));
                }
            } else {
                if (preg_match("/^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\$/i", $target_selected)) {
                    $related_ctxs = array_values(Asset_host::get_id_by_ips($dbconn, $target_selected));
                    if (is_array($related_ctxs) && count($related_ctxs) > 0) {
                        $arr_ctx[$target_selected] = key(array_shift($related_ctxs));
                        // to assign a ctx for a IP
                    }
                } else {
                    if (valid_hostname($target_selected) || valid_fqdns($target_selected)) {
                        $filters = array('where' => "hostname like '{$target_selected}' OR fqdns like '{$target_selected}'");
                        $_hosts_data = Asset_host::get_basic_list($dbconn, $filters);
                        $host_list = $_hosts_data[1];
                        if (count($host_list) > 0) {
                            $first_host = array_shift($host_list);
                            $hips = explode(",", $first_host['ips']);
                            foreach ($hips as $hip) {
                                $hip = trim($hip);
                                $arr_ctx[$hip] = $first_host['ctx'];
                            }
                        }
                    }
                }
            }
        }
        ossim_clean_error();
        unset($_SESSION["_vuln_targets"]);
        // clean scan targets
        $query = array();
        $IP_ctx = array();
        foreach ($arr_ctx as $aip => $actx) {
            $IP_ctx[] = $actx . "#" . $aip;
        }
        if ($vuln_op == "editrecurring" && $sched_id > 0) {
            $query[] = "DELETE FROM vuln_job_schedule WHERE id='{$sched_id}'";
            $i = 1;
            foreach ($sgr as $notify_sensor => $targets) {
                $target_list = implode("\n", $targets);
                $target_list .= "\n" . implode("\n", $ip_exceptions_list);
                $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n                            time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, \n                            meth_Ucheck, meth_TIMEOUT, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n                            '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n                            {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$semail}, '{$scan_locally}',\n                            '{$timeout}', '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' ,'{$time_interval}', '" . implode("\n", $IP_ctx) . "', '{$credentials}') ";
                $sjobs_names[] = $sname . $i;
                $i++;
            }
        } elseif ($recurring) {
            $i = 1;
            foreach ($sgr as $notify_sensor => $targets) {
                $target_list = implode("\n", $targets);
                $target_list .= "\n" . implode("\n", $ip_exceptions_list);
                $query[] = "INSERT INTO vuln_job_schedule ( name, username, fk_name, job_TYPE, schedule_type, day_of_week, day_of_month, \n                                time, email, meth_TARGET, meth_CRED, meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, \n                                meth_Ucheck, meth_TIMEOUT, scan_ASSIGNED, next_CHECK, createdate, enabled, resolve_names, time_interval, IP_ctx, credentials) VALUES ( '{$sname}', '{$username}', '" . Session::get_session_user() . "', '{$jobType}',\n                                '{$schedule_type}', '{$dayofweek}', '{$dayofmonth}', '{$time_value}', '{$notify_sensor}', '{$target_list}',\n                                {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list}, {$semail}, '{$scan_locally}',\n                                '{$timeout}', '{$SVRid}', '{$requested_run}', '{$insert_time}', '1', '{$resolve_names}' , '{$time_interval}', '" . implode("\n", $IP_ctx) . "', '{$credentials}') ";
                $sjobs_names[] = $sname . $i;
                $i++;
            }
        } else {
            $i = 1;
            foreach ($sgr as $notify_sensor => $targets) {
                $target_list = implode("\n", $targets);
                $target_list .= "\n" . implode("\n", $ip_exceptions_list);
                $query[] = "INSERT INTO vuln_jobs ( name, username, fk_name, job_TYPE, meth_SCHED, meth_TARGET,  meth_CRED,\n                        meth_VSET, meth_CUSTOM, meth_CPLUGINS, meth_Wfile, meth_TIMEOUT, scan_ASSIGNED,\n                        scan_SUBMIT, scan_next, scan_PRIORITY, status, notify, authorized, author_uname, resolve_names, credentials ) VALUES ( '{$sname}',\n                        '{$username}', '" . Session::get_session_user() . "', '{$jobType}', '{$schedule_type}', '{$target_list}', {$I3crID}, '{$sid}', '{$custadd_type}', {$plugs_list},\n                         {$semail}, '{$timeout}', '{$SVRid}', '{$insert_time}', '{$requested_run}', '3',\n                        'S', '{$notify_sensor}', '{$scan_locally}', '" . implode("\n", $IP_ctx) . "', '{$resolve_names}' , '{$credentials}') ";
                // echo "$query1";
                // die();
                $jobs_names[] = $sname . $i;
                $i++;
            }
        }
        $query_insert_time = gen_strtotime($insert_time, "");
        foreach ($query as $sql) {
            $error_updating = false;
            $error_inserting = false;
            if ($dbconn->execute($sql) === false) {
                echo _("Error creating scan job") . ": " . $dbconn->ErrorMsg();
                if ($vuln_op == "editrecurring") {
                    $error_updating = true;
                } else {
                    $error_creating = true;
                }
            } else {
                $config_nt = array('content' => "", 'options' => array('type' => "nf_success", 'cancel_button' => false), 'style' => 'width: 40%; margin: 20px auto; text-align: center;');
                if ($vuln_op == "editrecurring" && !$error_updating) {
                    $config_nt["content"] = _("Successfully Updated Recurring Job");
                    $nt = new Notification('nt_1', $config_nt);
                    $nt->show();
                } elseif (!$error_creating) {
                    $config_nt["content"] = _("Successfully Submitted Job");
                    $nt = new Notification('nt_1', $config_nt);
                    $nt->show();
                    //logAccess( "Submitted Job [ $jid ] $request" );
                    foreach ($jobs_names as $job_name) {
                        $infolog = array($job_name);
                        Log_action::log(66, $infolog);
                    }
                    foreach ($sjobs_names as $job_name) {
                        $infolog = array($job_name);
                        Log_action::log(67, $infolog);
                    }
                } else {
                    echo "<br><center>" . _("Failed Job Creation") . "</center>";
                }
                ?>
                <script type="text/javascript">
                //<![CDATA[                    
                document.location.href='<?php 
                echo Menu::get_menu_url(AV_MAIN_PATH . '/vulnmeter/manage_jobs.php', 'environment', 'vulnerabilities', 'scan_jobs');
                ?>
'; 
                //]]>
                </script>
                <?php 
            }
        }
    }
    // count($_SESSION["_vuln_targets"])>0
    echo "</b></center>";
}
Пример #6
0
function reportsummary()
{
    //GENERATE REPORT SUMMARY
    global $user, $border, $report_id, $scantime, $scantype, $fp, $nfp, $output, $filterip, $query_risk, $dbconn, $pluginid;
    global $treport, $sid, $ipl;
    $tz = Util::get_timezone();
    $htmlsummary = "";
    if ($treport == "latest" || $ipl != "") {
        $query = "SELECT t2.id, t1.username, t1.name, t2.name, t2.description, t4.hostname as host_name \n            FROM vuln_nessus_latest_reports t1\n            LEFT JOIN vuln_nessus_settings t2 on t1.sid=t2.id\n            LEFT JOIN host t4 ON t4.ip=inet_ntoa(t1.report_id)\n            WHERE " . ($ipl != "all" ? "t1.report_id in ({$report_id}) and " : "") . "t1.sid in ({$sid}) AND t1.username in ('{$user}')\n            order by t1.scantime DESC";
    } else {
        $query = "SELECT t2.id, t1.username, t1.name, t2.name, t2.description \n                    FROM vuln_jobs t1\n                    LEFT JOIN vuln_nessus_settings t2 on t1.meth_VSET=t2.id\n                    WHERE t1.report_id in ({$report_id}) AND t1.username in('{$user}')\n                    order by t1.SCAN_END DESC";
    }
    $result = $dbconn->execute($query);
    //print_r($query);
    if ($treport == "latest" || $ipl != "") {
        //list( $id_profile, $query_uid, $job_name, $profile_name, $profile_desc, $host_name ) =$result->fields;
        $lprofiles = array();
        $tmp_profiles = array();
        while (list($id_profile, $query_uid, $job_name, $profile_name, $profile_desc, $host_name) = $result->fields) {
            if ($host_name != "" && $host_name != long2ip($report_id)) {
                $phost_name = "{$host_name} (" . long2ip($report_id) . ")";
            } else {
                $phost_name = long2ip($report_id);
            }
            $lprofiles[] = "{$profile_name} - {$profile_desc}";
            $tmp_profiles[] = $id_profile;
            $result->MoveNext();
        }
        $profiles = implode("<br>", $lprofiles);
        $id_profile = implode(", ", $tmp_profiles);
    } else {
        list($id_profile, $query_uid, $job_name, $profile_name, $profile_desc) = $result->fields;
        if ($job_name == "") {
            // imported report
            $query_imported_report = "SELECT name FROM vuln_nessus_reports WHERE scantime='{$scantime}'";
            $result_imported_report = $dbconn->execute($query_imported_report);
            $job_name = $result_imported_report->fields["name"];
        }
    }
    if ($tz == 0) {
        $localtime = gen_strtotime($scantime, "");
    } else {
        $localtime = gmdate("Y-m-d H:i:s", Util::get_utc_unixtime($dbconn, $scantime) + 3600 * $tz);
    }
    $htmlsummary .= "<table border=\"5\" width=\"900\"><tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n         \n         <b>" . _("Scan time") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">" . $localtime . "&nbsp;&nbsp;&nbsp;</td>";
    //Generated date
    $gendate = date("Y-m-d H:i:s");
    $htmlsummary .= "<th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n         <b>" . _("Generated") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$gendate}</td></tr>";
    if ($ipl != "all") {
        if ($treport == "latest" || $ipl != "") {
            $htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n                <b>" . (count($lprofiles) > 1 ? _("Profiles") : _("Profile")) . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">";
            $htmlsummary .= "{$profiles}&nbsp;&nbsp;&nbsp;</td>\n                <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n                <b>" . ($treport == "latest" || $ipl != "" ? _("Host - IP") : _("Job Name")) . ":</b></th><td class=\"noborder\" valign=\"top\" style=\"text-align:left;padding-left:10px;\">" . ($treport == "latest" || $ipl != "" ? "{$phost_name}" : "{$job_name}") . "</td></tr>";
        } else {
            $htmlsummary .= "<tr><th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n                <b>" . _("Profile") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">";
            $htmlsummary .= "{$profile_name} - {$profile_desc}&nbsp;&nbsp;&nbsp;</td>\n                <th class=\"noborder\" valign=\"top\" style=\"text-align:left;font-size:12px;\" nowrap>\n                <b>" . _("Job Name") . ":</b></th><td class=\"noborder\" style=\"text-align:left;padding-left:10px;\">{$job_name}</td></tr>";
        }
    }
    $htmlsummary .= "</table>";
    /*
    if($pluginid!="") {
        if($fp!=""){
            $dbconn->execute("UPDATE vuln_nessus_settings_plugins SET enabled='N' WHERE sid in ($id_profile) and id='$pluginid'");
        }
        else {
            $dbconn->execute("UPDATE vuln_nessus_settings_plugins SET enabled='Y' WHERE sid in ($id_profile) and id='$pluginid'");
        }
    }
    */
    return "<center>" . $htmlsummary . "</center>";
}