// Remaining fields of the add / edit / delete user form, taken verbatim from
// the POST body.  Within the span visible here $user_address, $user_pw_list,
// $user_pw_1, $user_pw_2 and $GenRandomPw are read but never used: a newly
// added user always receives the generated password below.
$user_group = $_POST['user_group'];
$user_department = $_POST['user_department'];
$user_contact = $_POST['user_contact'];
$user_address = $_POST['user_address'];
$user_phone = $_POST['user_phone'];
$user_email = $_POST['user_email'];
$user_pw_list = $_POST['user_pw_list'];
$user_pw_1 = $_POST['user_pw_1'];
$user_pw_2 = $_POST['user_pw_2'];
$GenRandomPw = $_POST['GenRandomPw'];
// check for our form type: the same gate handles add, edit and delete
if (!empty($_POST['AddUser']) || !empty($_POST['EditUser']) || !empty($_POST['DelUser'])) {
    // check for empty variables ($user_fname / $user_lname are tested twice;
    // a value of "0" is also rejected because empty() treats it as empty)
    if (!empty($user_username) && !empty($user_fname) && !empty($user_lname) && !empty($user_access_level) && !empty($user_group) && !empty($user_department) && !empty($user_fname) && !empty($user_lname) && !empty($user_phone) && !empty($user_email)) {
        // do some validation checks on submitted data (format only).
        // NOTE(review): $user_access_level is checked for being a well-formed
        // string, not against the set of permitted levels; if the caller is not
        // admin, confirm elsewhere that it cannot grant a level above its own.
        // $user_contact is validated but never written; $user_address is
        // neither validated nor written in this span.
        if ($val->ValidateAlphaChar($user_username) !== -1 && $val->ValidateString($user_fname) !== -1 && $val->ValidateString($user_lname) !== -1 && $val->ValidateString($user_access_level) !== -1 && $val->ValidateString($user_group) !== -1 && $val->ValidateParagraph($user_department) !== -1 && $val->ValidateString($user_contact) !== -1 && $val->ValidatePhone($user_phone) !== -1 && $val->ValidateEmail($user_email) !== -1) {
            // leave the owner assignment alone if owner is not admin; an admin
            // may hand ownership of the record to the submitted group
            if ($group === "admin") {
                $group = $user_group;
            }
            // generate random password if this is a new user (the user_pw_*
            // fields from the form play no part in this span)
            if (!empty($_POST['AddUser'])) {
                $user_password = $val->GenerateRandomPassword("12", "normal");
            }
            // setup our SQL statements for add, edit and deleting records.
            // NOTE(review): `dept` is bound to $user_deptartment (typo) - the
            // validated value is $user_department - so new users are inserted
            // with an empty department.  The UPDATE below uses the right name.
            // NOTE(review): the password is stored as unsalted sha1(); prefer
            // password_hash()/password_verify() (AuthUser's comparison, which
            // hashes with MySQL's sha1(), would have to change with it).
            // NOTE(review): every value is concatenated straight into the SQL.
            // The Validate* gates above cover the form fields, but $user_id,
            // $user_ip, $user_host, $user_create_*, $user_access_* and
            // $user_session are set outside this span and are not validated
            // here, and whether ValidateSQL() runs before execution is not
            // visible either.  Prepared statements would close this for good.
            $insert = "INSERT INTO `auth_users` ( `username`, `password`, `level`, `group`, `dept`, `first`, `last`, `phone`, `email`, `ip`, `host`, `create_date`, `create_time`, `access_date`, `access_time`, `session`, `reset`, `owner` ) VALUES ( \"" . $user_username . "\", \"" . sha1($user_password) . "\", \"" . $user_access_level . "\", \"" . $user_group . "\", \"" . $user_deptartment . "\", \"" . $user_fname . "\", \"" . $user_lname . "\", \"" . $user_phone . "\", \"" . $user_email . "\", \"" . $user_ip . "\", \"" . $user_host . "\", \"" . $user_create_date . "\", \"" . $user_create_time . "\", \"" . $user_access_date . "\", \"" . $user_access_time . "\", \"" . $user_session . "\", \"TRUE\", \"" . $group . "\" )";
            // edit keeps the stored password untouched; only profile columns and
            // the owner are rewritten
            $update = "UPDATE `auth_users` SET `username` = \"" . $user_username . "\", `level` = \"" . $user_access_level . "\", `group` = \"" . $user_group . "\", `dept` = \"" . $user_department . "\", `first` = \"" . $user_fname . "\", `last` = \"" . $user_lname . "\", `phone` = \"" . $user_phone . "\", `email` = \"" . $user_email . "\", `ip` = \"" . $user_ip . "\", `host` = \"" . $user_host . "\", `owner` = \"" . $group . "\" WHERE `id` = \"" . $user_id . "\" LIMIT 1";
            $delete = "DELETE FROM `auth_users` WHERE `id` = \"" . $user_id . "\" LIMIT 1";
            // now perform a check to see which statement to use
            if (!empty($_POST['AddUser'])) {
                $sql = $insert;
/**
 * Authenticate a user from a username/password pair or from an existing
 * authentication token, and register a fresh session token on a credential
 * login.
 *
 * @param string $user  username (must pass ValidateAlphaChar)
 * @param string $pass  password (must pass ValidateParagraph)
 * @param string $token existing auth token; when supplied with empty $user and
 *                      $pass the credentials are recovered from the token itself
 * @return int  0 on success; -1 no credentials at all; -2 token timed out;
 *              -3 username/password failed validation; -4 no matching user row;
 *              -5 database error
 */
function AuthUser($user, $pass, $token) {
    // our global config opts
    global $defined;
    // initialize classes ($exit is never used in this function)
    $db = new dbConn();
    $val = new ValidateStrings();
    $lib = new Authenticate();
    $auth = new Encryption();
    $sess = new Sessions();
    $misc = new MiscFunctions();
    $exit = new ExitApp();
    // check our authentication requirements: nothing at all to work with
    if (empty($user) && empty($pass) && empty($token)) {
        return -1;
    }
    // we have an existing authentication token present
    if (!empty($token) && empty($user) && empty($pass)) {
        // NOTE(review): the token carries the username AND the password; this
        // code recovers $pass in the clear with nothing more than base64_decode
        // (whatever DecodeAuthToken does on top, the plaintext is reachable from
        // here).  Anyone who can read the session store or a captured token holds
        // reusable credentials.  A random session id looked up in `session`
        // would remove the password from the token entirely.
        $array = $auth->DecodeAuthToken($token);
        // NOTE(review): no check that $array is an array with at least five
        // elements before indexing; confirm DecodeAuthToken's failure contract.
        $user = base64_decode($array[0]);
        $pass = base64_decode($array[1]);
        $time = $array[4];
        $current = $misc->GenTime();
        // token older than the configured timeout -> -2
        if ($lib->AuthTimeOut($defined['timeout'], $time, $current) === -1) {
            return -2;
        }
    }
    // perform validation on username and password (also applied to values
    // recovered from a token)
    if ($val->ValidateAlphaChar($user) === -1 || $val->ValidateParagraph($pass) === -1) {
        return -3;
    }
    // see if the user exists for authentication
    $data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
    // NOTE(review): string-built SQL; ValidateSQL() is applied afterwards but
    // its behaviour is not visible here - confirm it escapes double quotes, or
    // better, move to prepared statements.  The password is hashed by MySQL's
    // sha1() with no salt, so the plaintext travels to the database on every
    // request and equal passwords produce equal hashes.  password_hash() /
    // password_verify() in PHP would fix both (requires a column change).
    $query = "SELECT * FROM `auth_users` WHERE `username` = \"{$user}\" AND `password` = sha1( \"{$pass}\" )";
    $query = $val->ValidateSQL($query, $data);
    // database problem.  NOTE(review): this and the -4 return below leave the
    // connection opened above unclosed; only the success path reaches
    // dbCloseConn().
    if (($value = $db->dbQuery($query, $data)) === -1) {
        return -5;
    }
    // check user match
    if ($db->dbNumRows($value) === -1 || $db->dbNumRows($value) === 0) {
        return -4;
    } else {
        // NOTE(review): success is decided here and nothing below ever resets
        // it, so a failed EncodeAuthToken (see below) is still reported as 0.
        $return = 0;
    }
    // create our authentication session token - only on a credential login; a
    // token-based re-authentication keeps the token it came in with
    if (empty($token)) {
        $array = $db->dbArrayResults($value);
        // fresh per-login secret, stored in `session` and echoed into the token
        $x = $auth->GeneratePrivateKey($defined['enckeygen']);
        $access_date = $misc->GenDate();
        $access_time = $misc->GenTimeRead();
        $query = "UPDATE `auth_users` SET `access_date` = \"" . $access_date . "\", `access_time` = \"" . $access_time . "\", `session` = \"{$x}\" WHERE `id` = \"" . $array[0]['id'] . "\"";
        $value = $val->ValidateSQL($query, $data);
        if (($value = $db->dbQuery($value, $data)) === -1) {
            return -5;
        }
        $x = $auth->EncodePrivToHex($x);
        // NOTE(review): $pass (plaintext) is embedded in the token - see the
        // decode branch above.  If EncodeAuthToken returns -1 no session is
        // registered, yet $return is already 0 and the caller sees success.
        if (($token = $auth->EncodeAuthToken($array[0]['username'], $pass, $array[0]['level'], $array[0]['group'], $misc->GenTime(), $x)) !== -1) {
            $sess->RegisterSession("token", $token);
            $return = 0;
        }
    }
    // NOTE(review): $query is the SQL string at this point, not a result
    // handle ($value is); dbFreeData() most likely expects the latter - verify
    // against dbConn::dbFreeData.
    $db->dbFreeData($query);
    $db->dbCloseConn($data);
    return $return;
}
// Remaining DHCP scope fields from the POST body.  $permissions and $groups are
// read here but not used anywhere in the span visible below.
$scope_range_1 = $_POST['scope_range_1'];
$scope_range_2 = $_POST['scope_range_2'];
$bootp_filename = $_POST['bootp_filename'];
$bootp_server = $_POST['bootp_server'];
$broadcast_address = $_POST['broadcast_address'];
$ntp_servers = $_POST['ntp_servers'];
$netbios_servers = $_POST['netbios_servers'];
$default_lease = $_POST['default_lease'];
$min_lease = $_POST['min_lease'];
$max_lease = $_POST['max_lease'];
$permissions = $_POST['select_groups'];
$groups = $_POST['groups'];
// check each post element that is mandatory.  NOTE(review): empty() also
// rejects "0", so if the form encodes a disabled scope as 0 the whole branch
// is skipped - confirm the form's value for $enable_scope.
if (!empty($subnet) && !empty($subnet_mask) && !empty($dns_server_1) && !empty($dns_server_2) && !empty($router) && !empty($subnet_name) && !empty($enable_scope)) {
    // begin validation of configuration options.
    // BUG(review): operator precedence - `&&` binds tighter than `||`, so this
    // condition reads as
    //   (subnet .. pool_name all valid) || ($pool_name === "---------------" && everything else valid)
    // Whenever a real pool name is supplied the left side is already true and
    // the scope ranges, bootp fields, forwarding flag, broadcast/ntp/netbios
    // addresses, lease integers and both ValidateBroadcast2List checks are never
    // evaluated - yet all of those values are concatenated into the SQL below.
    // Intended form:
    //   ... && ($val->ValidateAlphaChar($pool_name) !== -1 || $pool_name === "---------------") && ...
    if ($val->ValidateIPv4($subnet) !== -1 && $val->ValidateIPv4($subnet_mask) !== -1 && $val->ValidateDomain($dns_server_1) !== -1 && $val->ValidateDomain($dns_server_2) !== -1 && $val->ValidateIPv4($router) !== -1 && $val->ValidateParagraph($subnet_name) !== -1 && $val->ValidateAlphaChar($pool_name) !== -1 || $pool_name === "---------------" && $val->ValidateString($enable_scope) !== -1 && $val->ValidateIPv4($scope_range_1) !== -1 && $val->ValidateIPv4($scope_range_2) !== -1 && $val->ValidateParagraph($bootp_filename) !== -1 && $val->ValidateDomain($bootp_server) !== -1 && $val->ValidateString($enable_forwarding) !== -1 && $val->ValidateDomain($broadcast_address) !== -1 && $val->ValidateDomain($ntp_servers) !== -1 && $val->ValidateDomain($netbios_servers) !== -1 && $val->ValidateInteger($default_lease) !== -1 && $val->ValidateInteger($min_lease) !== -1 && $val->ValidateInteger($max_lease) !== -1 && $val->ValidateBroadcast2List($interface_list, $subnet) === 0 && $val->ValidateBroadcast2List($interface_list, $broadcast_address) === 0) {
        // fix pool var: the form's "no pool" placeholder becomes an empty pool
        if ($pool_name === "---------------") {
            $pool_name = "";
        }
        // define our sql statements (exclude the group field if user is member
        // of admin group).  NOTE(review): all statements are built by string
        // concatenation; $id (WHERE clause) and $enable_forwarding come from
        // outside this span, and whether ValidateSQL() runs before execution is
        // not visible here.  Prepared statements would make the precedence bug
        // above a data error instead of an injection vector.
        if ($group !== "admin") {
            // non-admin: the record is stamped with the caller's own group and
            // carries no bootp columns
            $insert = "INSERT INTO `conf_subnets` ( 
`subnet`, `subnet-mask`, `dns-server-1`, `dns-server-2`, `router`, `subnet-name`, `pool`, `enable-scope`, `scope-range-1`, `scope-range-2`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time`, `group` ) VALUES ( \"" . $subnet . "\",\"" . $subnet_mask . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $subnet_name . "\", \"" . $pool_name . "\", \"" . $enable_scope . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\", \"" . $group . "\" )";
            // without ex_group the update also rewrites `group`; with it the
            // group is left alone and the bootp columns are written instead
            if (empty($_POST['ex_group'])) {
                $update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
            } else {
                $update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
            }
        } else {
            // admin: no `group` column is written.
            // BUG(review): the column list names 18 columns but 19 values are
            // supplied ($pool_name has no matching `pool` column here), so the
            // server rejects this INSERT.  Also `bootp_server` (underscore)
            // disagrees with the `bootp-server` column used by every UPDATE.
            $insert = "INSERT INTO `conf_subnets` ( `subnet`, `subnet-mask`, `dns-server-1`, `dns-server-2`, `router`, `subnet-name`, `enable-scope`, `scope-range-1`, `scope-range-2`, `bootp-filename`, `bootp_server`, `ip-forwarding`, `broadcast-address`, `ntp-servers`, `netbios-name-servers`, `default-lease-time`, `min-lease-time`, `max-lease-time` ) VALUES ( \"" . $subnet . "\",\"" . $subnet_mask . "\", \"" . $dns_server_1 . "\", \"" . $dns_server_2 . "\", \"" . $router . "\", \"" . $subnet_name . "\", \"" . $pool_name . "\", \"" . $enable_scope . "\", \"" . $scope_range_1 . "\", \"" . $scope_range_2 . "\", \"" . $bootp_filename . "\", \"" . $bootp_server . "\", \"" . $enable_forwarding . "\", \"" . $broadcast_address . "\", \"" . $ntp_servers . "\", \"" . $netbios_servers . "\", \"" . $default_lease . "\", \"" . $min_lease . "\", \"" . $max_lease . "\" )";
            $update = "UPDATE `conf_subnets` SET `subnet` = \"" . $subnet . "\", `subnet-mask` = \"" . $subnet_mask . "\", `dns-server-1` = \"" . $dns_server_1 . "\", `dns-server-2` = \"" . $dns_server_2 . "\", `router` = \"" . $router . "\", `subnet-name` = \"" . $subnet_name . "\", `pool` = \"" . $pool_name . "\", `enable-scope` = \"" . $enable_scope . "\", `scope-range-1` = \"" . $scope_range_1 . "\", `scope-range-2` = \"" . $scope_range_2 . "\", `bootp-filename` = \"" . $bootp_filename . "\", `bootp-server` = \"" . $bootp_server . "\", `ip-forwarding` = \"" . $enable_forwarding . "\", `broadcast-address` = \"" . $broadcast_address . "\", `ntp-servers` = \"" . $ntp_servers . "\", `netbios-name-servers` = \"" . $netbios_servers . "\", `default-lease-time` = \"" . $default_lease . "\", `min-lease-time` = \"" . $min_lease . "\", `max-lease-time` = \"" . $max_lease . "\" WHERE `id` = \"" . $id . "\" LIMIT 1";
// (continues the per-option loop started above this span) an empty regex
// field is recorded against option $i and flags the whole submission
$emp = "TRUE";
$err1[$i]['substr_regex'] = $e;
$listop_empty .= "<li>The regex field is empty</li>";
}
// check formatting of data to provide errors.  Each failure marks the option
// and sets $stop, which the SQL stage below checks.  NOTE(review): $stop is
// only ever set to "TRUE" here; its initialisation is outside this span.
if ($val->ValidateInteger($class_opts[$i]['substring_start']) === -1) {
    $err1[$i]['substring'] = $e;
    $stop = "TRUE";
    $listop_val .= "<li>The substring start field is invalid, integers only</li>";
}
if ($val->ValidateInteger($class_opts[$i]['substring_end']) === -1) {
    // start and end share the same 'substring' error slot
    $err1[$i]['substring'] = $e;
    $stop = "TRUE";
    $listop_val .= "<li>The substring end field is invalid, integers only</li>";
}
if ($val->ValidateAlphaChar($class_opts[$i]['substr_regex']) === -1) {
    $err1[$i]['substr_regex'] = $e;
    $stop = "TRUE";
    $listop_val .= "<li>The regex field is invalid, alpha numeric characters only</li>";
}
}
}
// check each post element: a class name is present and no option was empty
if (!empty($class_name) && $emp !== "TRUE") {
    // get field type based on $class_option.
    // NOTE(review): $class_option is interpolated in identifier position
    // (inside backticks).  Escaping of string values - which is presumably what
    // ValidateSQL() does - cannot protect an identifier; a backtick in the value
    // ends the quoted name.  $class_option's origin is outside this span; if it
    // can be user-supplied, compare it against an allow-list of the known
    // `conf_classes_opts` column names before building the statement.
    $chk = "DESCRIBE `conf_classes_opts` `{$class_option}`";
    // $chkvals is only assigned when the DESCRIBE succeeds; callers below
    // should not assume it is set
    if (($value = $db->dbQuery($val->ValidateSQL($chk, $dbconn), $dbconn)) !== -1) {
        $chkvals = $db->dbArrayResultsAssoc($value);
    }
    // begin validation of configuration options
    if ($val->ValidateParagraph($class_name) !== -1 && $stop !== "TRUE") {