示例#1
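function submit_block()
{
    # Handles the add/modify form for an IP block: validates the POSTed fields, then
    # inserts or updates the row in `blocks` and redirects back to blocks.php.
    # Every path ends in a redirect followed by exit; nothing is returned.
    #
    # validation here might look messy, but it's essentially in order of parameters listed below by
    # 1. all checks that don't require db lookups
    # 2. all other checks
    global $COLLATE;
    global $dbo;
    include 'include/validation_functions.php';

    # Only scalar strings are accepted from the request; an array-valued field
    # (e.g. name[]=x) is treated as if the field had not been sent.
    $post = function ($key, $default = '') {
        return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : $default;
    };
    # All redirects are built with http_build_query so request-supplied values are
    # URL-encoded and cannot add or override query parameters in the Location URL.
    $redirect = function (array $params) {
        header('Location: blocks.php?' . http_build_query($params, '', '&'));
        exit;
    };

    $block_id = $post('block_id');
    $name = $post('name');
    $note = $post('note');
    # this input is optional
    $ip = $post('ip');
    $end_ip = $post('end_ip');
    $username = empty($_SESSION['username']) ? 'system' : $_SESSION['username'];
    # NOTE(review): $update_block is tested three ways below (=== 'true', === false and
    # plain truthiness). A value such as '0' takes the update checks but ends in an INSERT.
    # Left as-is because the form's contract is not visible here - confirm and normalise.
    $update_block = $post('update_block', false);
    $op_params = $update_block === 'true'
        ? array('op' => 'modify', 'block_id' => $block_id)
        : array('op' => 'add');
    $parent_block = $post('parent_block');
    $block_type = $post('block_type');
    if ($block_type == 'container') {
        #containers don't have IP ranges associated with them
        $ip = '';
        $end_ip = '';
    }

    # Query parameters that send the user back to the form with their input preserved.
    # $name and $note are captured by reference because validation replaces them later.
    $form_state = function ($notice, array $omit = array()) use ($op_params, &$name, &$note, $ip, $end_ip, $block_type, $parent_block) {
        $fields = $op_params + array(
            'name' => $name,
            'ip' => $ip,
            'end_ip' => $end_ip,
            'note' => $note,
            'block_type' => $block_type,
            'parent_block' => $parent_block,
            'notice' => $notice,
        );
        foreach ($omit as $key) {
            unset($fields[$key]);
        }
        return $fields;
    };

    if (empty($name) || !empty($end_ip) && empty($ip) || empty($block_type)) {
        $redirect($form_state('missingfield-notice'));
    }
    # The pattern is anchored: an unanchored /[0-9]*/ matches every string, so it
    # never rejected anything and $parent_block reached the SQL below unchecked.
    if (empty($parent_block) || !preg_match('/^[0-9]+\z/', $parent_block) && $parent_block != 'null') {
        $redirect(array('notice' => 'invalidrequest'));
    }
    # block_id is also handed to the validate_* helpers and find_child_blocks(),
    # so when it is present it must be a plain integer.
    if ($block_id !== '' && !preg_match('/^[0-9]+\z/', $block_id)) {
        $redirect(array('notice' => 'invalidrequest'));
    }
    $return = validate_text($name, 'blockname');
    if ($return['0'] === false) {
        $redirect($form_state($return['error']));
    }
    # NOTE(review): the value returned by validate_text() is bound as a statement
    # parameter below. If that helper SQL-escapes its output, drop the escaping there,
    # otherwise the stored text will contain the escape characters - confirm.
    $name = $return['1'];
    unset($return);
    if (!preg_match('/^container$|^ipv4$/', $block_type)) {
        $redirect($form_state('invalidrequest', array('block_type')));
    }
    if ($update_block === false) {
        # checking for duplicate block name
        $stmt = $dbo->prepare('SELECT id FROM blocks WHERE name = ?');
        $stmt->execute(array($name));
        if ($stmt->rowCount() != '0') {
            header("HTTP/1.1 400 Bad Request");
            $redirect($form_state('duplicatename'));
        }
    } else {
        # checking that we're updating a block that actually exists
        $stmt = $dbo->prepare('SELECT name FROM blocks WHERE id = ?');
        $stmt->execute(array($block_id));
        if ($stmt->rowCount() != '1') {
            header("HTTP/1.1 400 Bad Request");
            $redirect(array('notice' => 'selectblock'));
        }
        $old_block_name = $stmt->fetchColumn();
    }
    $return = validate_text($note, 'note');
    if ($return['0'] === false) {
        $redirect($form_state($return['error']));
    }
    $note = $return['1'];
    unset($return);

    # Containers carry no range; the empty strings are what the original statement
    # sent for them (the variables were simply undefined and interpolated as '').
    $long_start_ip = '';
    $long_end_ip = '';
    if (empty($end_ip) && !empty($ip)) {
        # subnet supplied
        $return = validate_network($ip, 'block', $block_id);
    } elseif (!empty($ip)) {
        # range supplied
        $return = validate_ip_range($ip, $end_ip, 'block', $block_id);
    }
    if (isset($return)) {
        if ($return['0'] === false) {
            $redirect($form_state($return['error']));
        }
        $long_start_ip = $return['long_start_ip'];
        $long_end_ip = $return['long_end_ip'];
    }
    unset($return);

    if ($parent_block != 'null') {
        $stmt = $dbo->prepare('SELECT id FROM blocks WHERE id = ?');
        $stmt->execute(array($parent_block));
        if ($stmt->rowCount() != '1') {
            $redirect(array('notice' => 'invalidrequest'));
        }
        $parent_id = $parent_block;
    } else {
        # bound as SQL NULL
        $parent_id = null;
    }
    if ($update_block === false) {
        # new block
        $old_parent_block = $parent_block;
        #we're going to redirect the user to the block they put this block into
    } else {
        $stmt = $dbo->prepare('SELECT parent_id FROM blocks WHERE id = ?');
        $stmt->execute(array($block_id));
        $old_parent_block = $stmt->fetchColumn();
    }
    # If we're changing an existing block, we must make sure we don't orphan a child object
    if ($update_block !== false) {
        if ($block_type == 'ipv4' && find_child_blocks($block_id) !== false) {
            $redirect($form_state('wouldorphanblocks', array('block_type', 'parent_block')));
        } elseif ($block_type == 'container') {
            # just check this block for subnets
            $stmt = $dbo->prepare('SELECT count(*) FROM subnets WHERE block_id = ?');
            $stmt->execute(array($block_id));
            if ($stmt->fetchColumn() != '0') {
                $redirect($form_state('wouldorphansubnets', array('block_type')));
            }
        }
    }
    # Every value is bound as a parameter; nothing from the request is concatenated into SQL.
    if ($update_block) {
        $sql = 'UPDATE blocks SET name = ?, start_ip = ?, end_ip = ?, note = ?, modified_by = ?, modified_at = now(), '
             . 'parent_id = ?, type = ? WHERE id = ?';
        $params = array($name, $long_start_ip, $long_end_ip, $note, $username, $parent_id, $block_type, $block_id);
    } else {
        $sql = 'INSERT INTO blocks (name, start_ip, end_ip, note, modified_by, modified_at, parent_id, type) '
             . 'VALUES (?, ?, ?, ?, ?, now(), ?, ?)';
        $params = array($name, $long_start_ip, $long_end_ip, $note, $username, $parent_id, $block_type);
    }
    $accesslevel = "4";
    $message = $update_block ? "IP Block updated: {$name}" : "IP Block added: {$name}";
    # Only an update has a previous name; for a new block the original appended "(previously )".
    if (isset($old_block_name) && $name != $old_block_name) {
        $message .= "(previously {$old_block_name})";
    }
    AccessControl($accesslevel, $message);
    // We don't want to generate logs when nothing is really happening, so this goes down here.
    $stmt = $dbo->prepare($sql);
    $stmt->execute($params);
    $notice = $update_block ? 'blockupdated-notice' : 'blockadded-notice';
    # A top-level block has no parent: 'null' from the form, or NULL/false from the lookup.
    if ($old_parent_block === null || $old_parent_block === false || $old_parent_block == 'null') {
        $redirect(array('notice' => $notice));
    }
    $redirect(array('block_id' => $old_parent_block, 'notice' => $notice));
}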
示例#2
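function find_child_blocks($block_id)
{
    # Input: integer block id
    # output: single-dimensional array of child blocks (recursive); each child id is
    #         followed directly by the ids of its own descendants
    # outputs false if the block has no children
    global $dbo;
    # Callers pass ids that can originate from request data, so the id is bound as a
    # statement parameter instead of being interpolated into the SQL text.
    $stmt = $dbo->prepare('SELECT id FROM blocks WHERE parent_id = ?');
    $stmt->execute(array($block_id));
    # Read the whole result set before recursing, so the check for "no children" does not
    # rely on rowCount() for a SELECT and no cursor stays open across the recursive calls.
    $children = $stmt->fetchAll(PDO::FETCH_COLUMN);
    if (count($children) === 0) {
        return false;
    }
    $descendants = array();
    foreach ($children as $child_block) {
        $descendants[] = $child_block;
        # Recurse once per child; the original ran the same sub-query twice
        # (once for the test, once for the merge), doubling the work at every level.
        $below = find_child_blocks($child_block);
        if ($below !== false) {
            $descendants = array_merge($descendants, $below);
        }
    }
    return $descendants;
}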
示例#3
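function delete_block()
{
    # Deletes the block named by the global $block_id together with all of its descendant
    # blocks, their subnets, and the static IPs and DHCP ACL rows of those subnets.
    # Answers "400 Bad Request" with the 'selectblock' message when the block does not exist.
    #
    # NOTE(review): unlike submit_block(), no AccessControl() call is visible in this
    # function - confirm that the caller authorises the request before invoking it.
    global $COLLATE;
    # presumably populated from the request by the caller - it is bound as a parameter
    # below rather than placed in the SQL text
    global $block_id;
    $dbo = getdbo();
    $stmt = $dbo->prepare('SELECT name FROM blocks WHERE id = ?');
    $stmt->execute(array($block_id));
    if ($stmt->rowCount() != '1') {
        header("HTTP/1.1 400 Bad Request");
        echo $COLLATE['languages']['selected']['selectblock'];
        exit;
    }
    $name = $stmt->fetchColumn();
    collate_log("4", "Block {$name} has been deleted!");

    $block_ids = array($block_id);
    # this is a recursive function; call it once and reuse the result
    $descendants = find_child_blocks($block_id);
    if ($descendants !== false) {
        $block_ids = array_merge($block_ids, $descendants);
    }

    # Prepared once and executed per block id, in dependency order.
    $cleanup = array(
        // First delete all static IPs
        $dbo->prepare('DELETE FROM statics WHERE subnet_id IN (SELECT id FROM subnets WHERE block_id = ?)'),
        // Next, remove the DHCP ACLs
        $dbo->prepare('DELETE FROM acl WHERE subnet_id IN (SELECT id FROM subnets WHERE block_id = ?)'),
        // Next, remove the subnets
        $dbo->prepare('DELETE FROM subnets WHERE block_id = ?'),
        // Lastly, delete the IP block
        $dbo->prepare('DELETE FROM blocks WHERE id = ?'),
    );
    # A separate loop variable is used so the global $block_id is not overwritten
    # with the last deleted id as a side effect.
    foreach ($block_ids as $doomed_id) {
        foreach ($cleanup as $delete) {
            $delete->execute(array($doomed_id));
        }
    }
    # we don't output to the user on success. The row fades on the page to provide feedback.
}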