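/**
 * Saves the edited settings of a scan profile and re-syncs its plugin states.
 *
 * Steps, in the order the code performs them:
 *   1. update the profile row in vuln_nessus_settings;
 *   2. for every POST field named "f_<id>" or "c_<id>", store the submitted
 *      status in vuln_nessus_settings_family / vuln_nessus_settings_category;
 *   3. when $sautoenable is "C" or "F", set enabled='Y'/'N' on the profile's
 *      plugins from the per-category / per-family status;
 *   4. emit an inline script that redirects the browser to the profile list,
 *      then call edit_profile($sid).
 *
 * Security: every value reaches the database as a bound parameter or as an
 * integer that has been validated first. The previous version interpolated
 * the arguments and the POST field names/values directly into the SQL text;
 * the family/category ids taken from the field names were not escaped at
 * all, and escaping the status value gave no protection because it was used
 * unquoted in a numeric position.
 *
 * Assumes $dbconn->Execute() accepts an array of values for "?" placeholders
 * as its second argument (ADOdb-style, matching the EOF / fields / MoveNext
 * record-set usage below) - TODO confirm against the connection class.
 * Callers that pre-escape $sname / $sdescription must stop doing so once the
 * values are bound, otherwise the escape characters are stored - TODO confirm.
 *
 * NOTE(review): no authorization is enforced here. An ownership check
 * (profile owner equals the current user, or the user is an admin) used to
 * sit at the top of this function and was commented out; confirm that every
 * caller verifies the user may modify profile $sid before calling.
 *
 * @param mixed $sid              Profile id; cast to int before any use.
 * @param mixed $sname            Profile name.
 * @param mixed $sdescription     Profile description.
 * @param mixed $stype            Truthy stores type "G", otherwise "".
 * @param mixed $sautoenable      "C" syncs plugins by category, "F" by family;
 *                                stored as given.
 * @param mixed $auto_cat_status  Stored in auto_cat_status; cast to int.
 * @param mixed $auto_fam_status  Stored in auto_fam_status; cast to int.
 * @param mixed $tracker          "on" stores update_host_tracker = 1, else 0.
 *
 * @return void
 */
function update_profile($sid, $sname, $sdescription, $stype, $sautoenable, $auto_cat_status, $auto_fam_status, $tracker) {
    global $uroles, $dbconn, $conf;

    // The id is used in every statement below and is handed on to
    // edit_profile(); force it to an integer once, up front.
    $sid = (int) $sid;

    // NOTE(review): the owner column is filled from the raw $stype argument,
    // not from a user name. This is kept as found, but it looks like a lost
    // parameter - confirm what the owner is supposed to be.
    $username = (string) $stype; // Owner Profile
    $host_tracker = 0;

    // "G" is global, blank is a private scan profile
    if ($stype == TRUE) {
        $stype = "G";
    } else {
        $stype = "";
    }
    if ($tracker == "on") {
        $host_tracker = 1;
    }

    $query = "update vuln_nessus_settings
                 set name=?, description=?,
                     type=?, autoenable=?,
                     auto_cat_status=?,
                     auto_fam_status=?,
                     update_host_tracker=?,
                     owner=?
               where id=?";
    $params = array(
        (string) $sname,
        (string) $sdescription,
        $stype,
        (string) $sautoenable,
        (int) $auto_cat_status,
        (int) $auto_fam_status,
        $host_tracker,
        $username,
        $sid,
    );
    $dbconn->Execute($query, $params);

    // Per-family / per-category status fields arrive as "f_<fid>" / "c_<cid>".
    // Both the id (from the field name) and the status (from the value) are
    // attacker-controllable, so a field is only written when both are
    // integers; anything else is skipped instead of reaching the database.
    foreach ($_POST as $key => $value) {
        $key = (string) $key;
        $prefix = substr($key, 0, 2);
        if ($prefix !== "f_" && $prefix !== "c_") {
            continue;
        }
        if (!is_scalar($value)) {
            continue;
        }
        $item_id = filter_var(substr($key, 2), FILTER_VALIDATE_INT);
        $status = filter_var(trim((string) $value), FILTER_VALIDATE_INT);
        if ($item_id === false || $status === false) {
            continue;
        }

        if ($prefix === "f_") {
            $query = "update vuln_nessus_settings_family set status=? where sid=? and fid=?";
        } else {
            $query = "update vuln_nessus_settings_category set status=? where sid=? and cid=?";
        }
        $dbconn->Execute($query, array($status, $sid, $item_id));
    }

    if ($sautoenable == "C") {
        _update_profile_sync_plugins($dbconn, $sid, "category");
    } elseif ($sautoenable == "F") {
        _update_profile_sync_plugins($dbconn, $sid, "family");
    }

    // The redirect is written as inline script; execution continues past it,
    // so edit_profile() below still runs and renders.
    //echo "Profile Updated<BR>";
    ?>
    <script type="text/javascript">
    //<![CDATA[
    document.location.href='settings.php?hmenu=Vulnerabilities&smenu=ScanProfiles';
    //]]>
    </script><?php
    //logAccess( "Updated Autoenable Settings for Profile $sid" );

    // NOTE(review): $nessus_path is neither a parameter nor in the global
    // list above and is never assigned in this function, so as written the
    // pattern is tested against an undefined value and the OMP plugin sync
    // is skipped. Left unchanged because the intended source of the scanner
    // path is not visible here - TODO confirm and wire it in.
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp = new OMP();
        $omp->set_plugins_by_family($sid);
    }
    edit_profile($sid);
}

/**
 * Sets enabled='Y'/'N' on a profile's plugins from its per-group status rows.
 *
 * Reads (id, status) pairs from vuln_nessus_settings_<group> for the profile
 * and, for each pair, updates vuln_nessus_settings_plugins where the <group>
 * column equals that id: status 4 writes enabled='N', status 1 writes
 * enabled='Y', any other status leaves the plugins untouched.
 *
 * @param object $dbconn Database connection (see the Execute() assumption on
 *                       update_profile()).
 * @param int    $sid    Profile id, already cast to int by the caller.
 * @param string $group  "category" or "family"; anything else is ignored.
 *
 * @return void
 */
function _update_profile_sync_plugins($dbconn, $sid, $group) {
    // $group is spliced into the SQL text as part of table and column names,
    // which cannot be bound, so only the two literals passed by
    // update_profile() are accepted.
    if ($group !== "category" && $group !== "family") {
        return;
    }
    $id_column = substr($group, 0, 1) . "id"; // cid or fid

    // NOTE(review): t2 is listed without a join predicate, so every settings
    // row comes back once per row of the lookup table. The updates below are
    // idempotent, so the outcome is the same, but the join looks unintended -
    // confirm before removing it.
    $query = "select t1.{$id_column}, t1.status from vuln_nessus_settings_{$group} as t1, vuln_nessus_{$group} as t2 where sid=?";
    $result = $dbconn->Execute($query, array($sid));
    if (!$result) {
        // A failed query yields no record set; there is nothing to sync.
        return;
    }

    while (!$result->EOF) {
        list($group_id, $group_status) = $result->fields;

        $enabled = null;
        if ($group_status == 4) {
            $enabled = "N";
        } elseif ($group_status == 1) {
            $enabled = "Y";
        }

        if ($enabled !== null) {
            $update = "update vuln_nessus_settings_plugins set enabled=? where {$group}=? and sid=?";
            $dbconn->Execute($update, array($enabled, (int) $group_id, $sid));
        }
        $result->MoveNext();
    }
}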