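/**
 * Persist the preference values submitted for scan profile $sid.
 *
 * Walks every row of vuln_nessus_preferences_defaults (left-joined with the
 * profile's current value in vuln_nessus_settings_preferences) in a fixed
 * order; row N of that result set is paired with request field "form<N>" and
 * handed to updatedb(). Rows of vuln_nessus_settings_preferences whose
 * default no longer exists are then deleted, the profile is pushed through
 * OMP when $nessus_path ends in "omp", and edit_serverprefs($sid) runs last.
 *
 * Only POST is accepted for the form fields: a "form<N>" value arriving via
 * GET is logged, footer.php is included and the request is terminated.
 *
 * @param int|string $sid Profile id (vuln_nessus_settings.id). It is coerced
 *                        to int before being spliced into SQL.
 * @return void Output (DB error text or the GET notice) is echoed directly.
 */
function saveprefs($sid)
{
    // $logh is used in the GET branch below but was never pulled into scope.
    global $username, $uroles, $dbconn, $nessus_path, $logh;

    // $sid is interpolated unquoted into numeric comparisons; forcing an
    // integer keeps a non-numeric value from rewriting those statements.
    $sid = (int) $sid;

    // Every default plus this profile's stored value (NULL when unset).
    $sql = "SELECT t.nessusgroup, t.nessus_id, t.field,
                   t.type, t.value, n.value, t.category
              FROM vuln_nessus_preferences_defaults t
              LEFT JOIN vuln_nessus_settings_preferences n
                ON t.nessus_id = n.nessus_id
               AND n.sid = {$sid}
             ORDER BY category DESC, nessusgroup, nessus_id";
    $result = $dbconn->execute($sql);
    if ($result === false) {
        // Report the driver error and stop; continuing would dereference false.
        echo "Error: There was an error with the DB lookup: " . $dbconn->ErrorMsg() . "<br>";
        return;
    }

    // Owner lookup. The check that used it
    // (`if ($myowner <> $username && !$uroles[admin])` -> access denied) is
    // disabled, so any caller can save prefs for any profile id.
    // NOTE(review): confirm authorisation is enforced by the caller.
    $ownerRs = $dbconn->execute("select owner from vuln_nessus_settings where id = {$sid}");
    $myowner = null;
    if ($ownerRs !== false && !$ownerRs->EOF) {
        list($myowner) = $ownerRs->fields;
    }

    $uuid = Util::get_system_uuid();

    $rowNumber = 0;
    while (!$result->EOF) {
        $rowNumber++;
        $fieldName = "form" . $rowNumber;

        if (isset($_POST[$fieldName])) {
            // Same escaping chain as the rest of this page: trim, SQL-escape,
            // then pass through the project's Util::htmlentities with ENT_QUOTES.
            $submitted = Util::htmlentities(mysql_real_escape_string(trim($_POST[$fieldName])), ENT_QUOTES);
        } elseif (isset($_GET[$fieldName])) {
            // State-changing requests are refused over GET.
            $logh->log("{$username} : " . $_SERVER['SCRIPT_NAME'] . " : GET instead of POST method used - failed to save", PEAR_LOG_NOTICE);
            echo "Please use the settings.php form to submit your changes.";
            require_once 'footer.php';
            die;
        } else {
            // Missing field (e.g. unchecked checkbox) is stored as empty.
            $submitted = "";
        }

        // Column order matches the SELECT above: 1 = nessus_id, 3 = type, 6 = category.
        $row = $result->fields;
        $nessus_id = $row[1];
        $type = $row[3];
        $category = $row[6];
        updatedb($nessus_id, $submitted, $dbconn, $type, $category, $sid, $uuid);
        $result->MoveNext();
    }

    // Remove settings rows whose nessus_id no longer has a default.
    $sql = "select n.nessus_id
              from vuln_nessus_settings_preferences n
              left join vuln_nessus_preferences_defaults t
                on n.nessus_id = t.nessus_id
             where t.nessus_id is null";
    $orphans = $dbconn->execute($sql);
    if ($orphans !== false) {
        while (!$orphans->EOF) {
            list($orphanId) = $orphans->fields;
            // The id comes back from the DB but is still a string spliced into
            // SQL, so escape it the same way the form values are.
            $orphanId = mysql_real_escape_string($orphanId);
            $dbconn->execute("delete from vuln_nessus_settings_preferences where nessus_id = \"{$orphanId}\"");
            $orphans->MoveNext();
        }
    }

    // Push the profile to the scanner when the configured path is an omp binary.
    if (preg_match("/omp\\s*\$/i", $nessus_path)) {
        $omp = new OMP();
        $omp->set_preferences($sid);
    }

    edit_serverprefs($sid);
}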
// NOTE(review): this run starts mid-script — $sqlcmd, $db_conn, $UserIP,
// $WebHost, $pno and $add are assigned before this span, and the block at the
// end continues past it; the comments below describe only what is visible.
$CRS = querydb($sqlcmd, $db_conn);
$Count = $CRS[0]['ct'];

// A posted message requires a logged-in session; otherwise only a JS alert is shown.
if (isset($_POST['textarea'])) {
    if (!isset($_SESSION['LoginID']) || empty($_SESSION['LoginID'])) {
        ?> <script> alert("Please Login First!"); </script> <?php
    } else {
        $ID = $_SESSION['LoginID'];
        // Only the message body is escaped; $UserIP, $ID and $pno are spliced
        // into the INSERT as-is, so they must not be attacker-controlled.
        // A parameterised statement would remove that dependency.
        $MSG = mysql_real_escape_string($_POST['textarea']);
        $T = getdate();
        $TimeStamp = $T[0]; // index 0 of getdate() is the Unix timestamp
        $sqlcmd = 'INSERT INTO Product_message VALUES (' . "{$TimeStamp},'{$UserIP}','{$ID}',{$pno},'{$MSG}','Y')";
        $result = updatedb($sqlcmd, $db_conn);
        // Redirect back to the item page after the write.
        header("Location:{$WebHost}" . "item.php?pno={$pno}");
        exit;
    }
}

// Add-to-cart: $add is the product number to add.
// NOTE(review): $add is interpolated into the SELECT without escaping; where
// it is set is outside this span — confirm it is validated (or bound as a
// parameter) before this point.
if (isset($add)) {
    $sqlcmd = "SELECT * FROM Product WHERE pno='{$add}'";
    $VProduct = querydb($sqlcmd, $db_conn);
    if (count($VProduct) > 0) {
        // The cart lives in cookies: 'kind' is the item count, item1..itemN the product numbers.
        if (isset($_COOKIE['kind'])) {
            $Counter = $_COOKIE['kind'];
            $Same = 0;
            // Loose == against the cookie value; $_COOKIE["item{$i}"] may be unset.
            for ($i = 1; $i <= $Counter; $i++) {
                if ($add == $_COOKIE["item{$i}"]) {
                    $Same = 1;
                    break;
// Cancel a transaction: $trandel is the transaction number to cancel.
// NOTE(review): $trandel is spliced into SQL unquoted and unescaped; where it
// is set is outside this span — confirm it is cast to int (or bound as a
// parameter) before this point. $RecoverNumber / $RecoverPno below are also
// interpolated, though they are read from the Orders table, not the request.
if (isset($trandel)) {
    $sqlcmd = "SELECT * FROM Transaction WHERE tno={$trandel}";
    $rs = querydb($sqlcmd, $db_conn);
    // Only transactions still in state 'G' ("In processing", see $stateArr) can be cancelled.
    if (count($rs) > 0 && $rs[0]['state'] == 'G') {
        $sqlcmd = "UPDATE Transaction SET state='C' WHERE tno={$trandel}";
        $rs = updatedb($sqlcmd, $db_conn);
        $sqlcmd = "SELECT COUNT(*) AS C FROM Orders WHERE tno={$trandel}";
        $rs = querydb($sqlcmd, $db_conn);
        // NOTE(review): the alias is 'C' but the row is read as 'c'; whether
        // querydb lower-cases column names is not visible here — verify.
        $RecoverCount = $rs[0]['c'];
        // Return each ordered quantity to stock. The Orders rows are re-queried
        // on every iteration; a single SELECT before the loop would suffice.
        for ($i = 0; $i < $RecoverCount; $i++) {
            $sqlcmd = "SELECT * FROM Orders WHERE tno={$trandel}";
            $rs = querydb($sqlcmd, $db_conn);
            $RecoverPno = $rs[$i]['pno'];
            $RecoverNumber = $rs[$i]['amount'];
            $sqlcmd = "UPDATE Product SET stock=stock+{$RecoverNumber} WHERE pno={$RecoverPno}";
            $rs = updatedb($sqlcmd, $db_conn);
        }
    }
    header("Location:info.php");
    exit;
}

// Defaults for the member profile form.
$PWD = $name = $mail = $phone = $addr = $birthStr = '';
$fileOK = $birth = $pic = 0;
$sex = 'M';
// NOTE(review): no login check is visible before the session id is read here.
$ID = $_SESSION['LoginID'];
// Index 0 is a filler so month numbers 1..12 index the names directly.
$MonArr = array('', 'January ', 'February ', 'March ', 'April ', 'May ', 'June ', 'July ', 'August ', 'September ', 'October ', 'November ', 'December ');
$Sexarr = array('M' => 'Male', 'F' => 'Female', 'O' => 'Other');
// Transaction state code -> display label; some labels carry raw HTML.
$stateArr = array('G' => 'In processing', 'F' => '<font color="#FF8F19">Completion</font>', 'D' => 'Delivering', 'C' => '<font color="D8AFFF">Cancelled</font>', 'O' => '<font color="red">Please Contact us</font>');
// Member record for the logged-in user, excluding state 'N'. $ID comes from
// the session, so it is not request-controlled, but it is still interpolated.
$sqlcmd = "SELECT * FROM Member WHERE id='{$ID}' AND state<>'N'";
$rs = querydb($sqlcmd, $db_conn);
// The body of this block continues past the end of this span.
if (count($rs) > 0) {
// NOTE(review): this run starts mid-script — $submit, $result and $dbconn are
// set before this span — and it ends inside the if-block below.
$counter = 0;
// Only act when the submit button carried the (translated) "save" label.
if ($submit == _("save")) {
    logAccess("Save default profile");
    // Row N of $result pairs with request field "form<N>".
    while (!$result->EOF) {
        $counter++;
        $vname = "form" . $counter;
        if (isset($_POST[$vname])) {
            // mysql_escape_string is the connection-unaware variant (no
            // charset awareness); the result is then HTML-escaped with ENT_QUOTES.
            ${$vname} = htmlspecialchars(mysql_escape_string(trim($_POST[$vname])), ENT_QUOTES);
        } elseif (isset($_GET[$vname])) {
            // Saves submitted via GET are refused.
            logAccess("GET instead of POST method used - failed to save");
            die("Please use the default.php form to submit your changes.");
        } else {
            // Missing field is stored as empty.
            ${$vname} = "";
        }
        list($nessusgroup, $nessus_id, $field, $type, $default, $value, $category) = $result->fields;
        updatedb($nessus_id, ${$vname}, $dbconn, $type, $category);
        $result->MoveNext();
    }
    # find all records in the vuln_nessus_preferences table that
    # have no matching value in vuln_nessus_preferences_defaults
    # and delete them from vuln_nessus_preferences
    $sql = "select n.nessus_id from vuln_nessus_preferences n\n left join vuln_nessus_preferences_defaults t\n on n.nessus_id = t.nessus_id\n where t.nessus_id is null";
    $result = $dbconn->execute($sql);
    while (!$result->EOF) {
        list($pleasedeleteme) = $result->fields;
        // nessus_id read back from the DB is spliced into the DELETE unescaped.
        $sql2 = "delete from vuln_nessus_preferences\n where nessus_id = \"{$pleasedeleteme}\"";
        $result2 = $dbconn->execute($sql2);
        logAccess("Deleted obselete config item {$pleasedeleteme}");
        $result->MoveNext();
    }
    echo "<BR><BR><BR><CENTER><B>" . _("Nessus settings saved, please proceed to the") . " <A href=\"settings.php\">" . _("Profile Selection") . "</A> " . _("page") . ".</B></CENTER><BR>";