Пример #1
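// Authorization gate: when the auth system is enabled and the current user lacks
// the required role, send the browser back to the index page.
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    base_header("Location: " . $BASE_urlpath . "/index.php");
    // A Location header only asks the client to navigate away; unless base_header()
    // terminates the request itself (not visible in this excerpt), the rest of the
    // page would still run and be sent to an unauthorized caller. Stop explicitly.
    exit;
}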
// Page bootstrap: timing helper, alert-database connection, criteria state and query state.
// Timing helper, constructed unconditionally and handed the configured debug level.
$et = new EventTiming($debug_time_mode);
// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
// Host, port, account and password are configuration globals defined outside this excerpt.
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
// The second argument is a fixed query-string suffix ("&addr_type=1"), not request data.
$cs = new CriteriaState("base_stat_country.php", "&addr_type=1");
$cs->ReadState();
/* Dump some debugging information on the shared state */
// NOTE(review): this prints the criteria state into the page; presumably $debug_mode is 0
// on production deployments -- confirm, since the dump is shown to whoever loads the page.
if ($debug_mode > 0) {
    PrintCriteriaState();
}
$qs = new QueryState();
// Register the single canned query offered by this page.
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent IP addresses"), "occur_d");
// NOTE(review): $submit is assigned outside this excerpt -- presumably imported from the
// request; confirm it is validated before it reaches MoveView().
$qs->MoveView($submit);
/* increment the view if necessary */
// Pick the page labels and the address column from the requested address type.
// Anything other than SOURCE_IP is treated as a destination address; a value that
// is neither SOURCE_IP nor DEST_IP is reported first and then handled as destination.
if ($addr_type != SOURCE_IP) {
    if ($addr_type != DEST_IP) {
        ErrorMessage(gettext("CRITERIA ERROR: unknown address type -- assuming Dst address"));
    }
    $addr_type_name = "ip_dst";
    $results_title = gettext("Dst IP address");
    $page_title = gettext("Unique Destination Address(es)");
} else {
    $addr_type_name = "ip_src";
    $results_title = gettext("Src IP address");
    $page_title = gettext("Unique Source Address(es)");
}
if ($qs->isCannedQuery()) {
Пример #2
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_qry_common.php";
include_once "{$BASE_path}/base_stat_common.php";
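// Page bootstrap for the event-type listing: session default, timing helper, criteria
// and query state, alert-database connection, then criteria processing.
// Record this page (with sort_order=occur_d) as the session's default grouping view.
$_SESSION["siem_default_group"] = "base_stat_ptypes.php?sort_order=occur_d";
// Create the timing helper only when timing debug is enabled; $et stays unset otherwise.
// Written as a plain conditional instead of a ternary used only for its side effect.
if ($debug_time_mode >= 1) {
    $et = new EventTiming($debug_time_mode);
}
$cs = new CriteriaState("base_stat_ptypes.php");
// "submit" is imported through ImportHTTPVar with a letters-and-spaces mask.
// NOTE(review): the third argument is presumably a list of literal values that are also
// accepted -- confirm against ImportHTTPVar(), since these values select delete actions.
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$cs->ReadState();
// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
// NOTE(review): the role check below is commented out, so $roleneeded is assigned but
// not enforced anywhere in this excerpt. Confirm that the included files perform the
// access check before this page is reachable, because "submit" accepts delete actions.
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_alerts, gettext("Most Frequent Events"), "occur_d");
$qs->AddCannedQuery("last_alerts", $last_num_ualerts, gettext("Last Events"), "last_d");
$qs->MoveView($submit);
/* increment the view if necessary */
$page_title = gettext("Event Listing");
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
// The meaning of the trailing 0, 1 arguments is not shown in this excerpt.
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
// Refresh the alert cache on every page load when auto-update is configured.
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
// NOTE(review): the returned clauses are presumably spliced into SQL further down --
// confirm ProcessCriteria() validates or escapes every request-derived value.
$criteria_clauses = ProcessCriteria();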
// Include base_header.php
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
} else {
Пример #3
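// Page bootstrap for the unique user/host/domain listing: alert-database connection,
// criteria state, address-type allow-list, titles, query state and criteria processing.
$db = NewBASEDBConnection($DBlib_path, $DBtype);
// The meaning of the trailing 0, 1 arguments is not shown in this excerpt.
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
// $addr_type is assigned outside this excerpt (presumably from the request) and has not
// been checked against the allow-list yet, so percent-encode it before it becomes part
// of the query-string suffix. The four accepted values are unchanged by the encoding.
// NOTE(review): if ReadState() neither reads nor reassigns $addr_type, moving the
// allow-list check above this line would be the cleaner fix -- confirm and reorder.
$cs = new CriteriaState("base_stat_uidm.php", "&addr_type=" . rawurlencode((string) $addr_type));
$cs->ReadState();
/* Dump some debugging information on the shared state */
// if ($debug_mode > 0) {
// PrintCriteriaState();
// }
//print_r($_SESSION['ip_addr']);
// Allow-list the address type and fall back to "userdomain". The comparison is strict so
// that a non-string value cannot pass through PHP's loose string/number comparison.
if (!in_array($addr_type, array("userdomain", "username", "hostname", "domain"), true)) {
    $addr_type = "userdomain";
}
// Build the display name from the validated type: "userdomain" is shown as "user@domain",
// the first letter is upper-cased and a plural "s" is appended.
$type_name = ucfirst(str_replace("userdomain", "user@domain", $addr_type)) . "s";
$page_title = _("Unique") . " " . _($type_name);
$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent") . " " . _($type_name), "occur_d");
// NOTE(review): $submit is assigned outside this excerpt -- confirm it is validated.
$qs->MoveView($submit);
/* increment the view if necessary */
// Refresh the alert cache on every page load when auto-update is configured.
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();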
// Print the page sub-header. For a canned query its description is appended to the
// title; both title arguments receive the same string.
// NOTE(review): whether PrintBASESubHeader() HTML-escapes its arguments is not visible
// here -- confirm, since the title and back link end up in the rendered page.
if ($qs->isCannedQuery()) {
    PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
} else {
    PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
}
// Join the first two strings returned by ProcessCriteria() with a single space.
// NOTE(review): $criteria is presumably concatenated into a SQL statement further down --
// confirm that ProcessCriteria() validates or escapes every request-derived value.
$criteria = $criteria_clauses[0] . " " . $criteria_clauses[1];
if (preg_match("/user|domain/i", $addr_type)) {
    // from idm_data
Пример #4
    // Solve error when payload is searched cnt = 1
    //    if ($_GET{"data"} {
    //        0
    //    } {
    //        2
    //    } != "") $cs->criteria['data']->criteria_cnt = 1;
    if ($_GET["data"][0][2] != "") {
        $cs->criteria['data']->criteria_cnt = 1;
    }
    $submit = gettext("Query DB");
    /* restore the real submit value  */
    $_POST['submit'] = $submit;
}
// Load the criteria state, register the four "last events" canned queries and build
// the criteria clauses for the results page.
$cs->ReadState();
$qs = new QueryState();
// All four canned queries share the same $last_num_alerts argument and the "time_d" sort key.
$qs->AddCannedQuery("last_tcp", $last_num_alerts, gettext("Last TCP Events"), "time_d");
$qs->AddCannedQuery("last_udp", $last_num_alerts, gettext("Last UDP Events"), "time_d");
$qs->AddCannedQuery("last_icmp", $last_num_alerts, gettext("Last ICMP Events"), "time_d");
$qs->AddCannedQuery("last_any", $last_num_alerts, gettext("Last Events"), "time_d");
$page_title = gettext("Query Results");
// The $sqlcalls gate below is commented out, so ProcessCriteria() runs on every request,
// not only for the listed submit values.
//$sqlcalls = ($submit == "Query DB" || $submit == gettext("Query DB") || $submit == gettext("Query+DB") || $submit == gettext("Delete Selected") || $submit == gettext("Delete ALL on Screen") || $submit == gettext("Delete Entire Query") || $qs->isCannedQuery() || ($qs->GetCurrentSort() != "" && $qs->GetCurrentSort() != "none" && $_SERVER["QUERY_STRING"]!="new=1")) ? TRUE : FALSE;
//if ($sqlcalls)
//{
// NOTE(review): the returned clauses are presumably spliced into SQL further down --
// confirm ProcessCriteria() validates or escapes every request-derived value.
$criteria_clauses = ProcessCriteria();
//}
// Include base_header.php
if ($qs->isCannedQuery()) {
    if (!array_key_exists("minimal_view", $_GET)) {
        PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $cs->GetBackLink(), 1);
    } else {
        PrintBASESubHeader($page_title . ": " . $qs->GetCurrentCannedQueryDesc(), $page_title . ": " . $qs->GetCurrentCannedQueryDesc(), "", 1);
Пример #5
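// Page bootstrap for the unique-ports listing: request parameters, alert-database
// connection, criteria state and query state.
$db = NewBASEDBConnection($DBlib_path, $DBtype);
/* FIXME: OSSIM */
/* This used to break the port filters, have to look deeply on this
maybe changing db_connect_method in base_conf.php */
// Request parameters are imported through ImportHTTPVar, each with its own character mask.
$port_type = ImportHTTPVar("port_type", VAR_DIGIT);
// NOTE(review): VAR_PUNC is presumably there so that "-1" (one of the cases in the switch
// that follows) survives the import; which other punctuation it admits is not visible
// here -- confirm, because $proto is reused in the query-string suffix below.
$proto = ImportHTTPVar("proto", VAR_DIGIT | VAR_PUNC);
$export = intval(ImportHTTPVar("export", VAR_DIGIT));
// Called from report_launcher.php
// The meaning of the trailing 0, 1 arguments is not shown in this excerpt.
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
// Percent-encode both request values before they become part of the query-string suffix,
// so punctuation admitted by the import mask cannot add or split parameters. Digits and
// "-1" are unchanged by the encoding.
$cs = new CriteriaState("base_stat_ports.php", "&port_type=" . rawurlencode((string) $port_type) . "&proto=" . rawurlencode((string) $proto));
$cs->ReadState();
// Check role out and redirect if needed -- Kevin
// NOTE(review): $roleneeded is assigned but no role check appears in this excerpt --
// confirm the access check is performed elsewhere before this page is reachable.
$roleneeded = 10000;
$port_proto = "TCP";
$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uports, gettext("Most Frequent Ports"), "occur_d");
$qs->AddCannedQuery("last_ports", $last_num_uports, gettext("Last Ports"), "last_d");
// "submit" is imported with a letters-and-spaces mask.
// NOTE(review): the third argument is presumably a list of literal values that are also
// accepted -- confirm against ImportHTTPVar(), since these values select delete actions.
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$qs->MoveView($submit);
/* increment the view if necessary */
// Start with an empty title; the protocol switch that follows fills it in.
$page_title = "";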
switch ($proto) {
    case TCP:
        $page_title = gettext("Unique") . " TCP ";
        $displaytitle = $port_type == SOURCE_PORT ? gettext("Displaying source tcp ports %d-%d of <b>%s</b> matching your selection.") : gettext("Displaying destination tcp ports %d-%d of <b>%s</b> matching your selection.");
        break;
    case UDP:
        $page_title = gettext("Unique") . " UDP ";
        $displaytitle = $port_type == SOURCE_PORT ? gettext("Displaying source udp ports %d-%d of <b>%s</b> matching your selection.") : gettext("Displaying destination udp ports %d-%d of <b>%s</b> matching your selection.");
        break;
    case -1: