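/**
 * Return the access level carried in an authentication token.
 *
 * The level is read from the third field of the decoded token, base64-decoded,
 * and then looked up in `auth_users`.
 *
 * Security notes for maintainers:
 *  - The query only confirms that some row in `auth_users` has this level. It
 *    does not tie the level to the user named in the token, so the result is
 *    only as trustworthy as the token itself.
 *    NOTE(review): confirm DecodeAuthToken() rejects tampered tokens.
 *  - The failure sentinel -1 is truthy in PHP. Callers must compare the result
 *    with === against the expected level string and must pass the token
 *    itself. A call written as ChkLevel($token === "user") hands in a boolean,
 *    gets -1 back, and a bare `if` on that value succeeds.
 *  - The decoded level is concatenated into the SQL text.
 *    NOTE(review): ValidateSQL() is not visible here; confirm it neutralises
 *    quote characters, or move this lookup to a prepared statement.
 *
 * @param string $token Encoded authentication token (callers pass $_SESSION['token']).
 * @return mixed The `level` column value on success; -1 when the token is empty
 *               or malformed, the database is unreachable, the query fails, or
 *               no row matches.
 */
function ChkLevel($token)
{
    global $defined;

    // Fail closed before touching any collaborator. The original assigned to
    // an undefined $level object here, which is a fatal error on PHP 8.
    if (empty($token)) {
        return -1;
    }

    $auth = new Encryption();
    $db = new dbConn();
    $val = new ValidateStrings();

    // The level lives in field 2 of the decoded token; reject anything that
    // did not decode into the expected shape instead of querying with null.
    $fields = $auth->DecodeAuthToken($token);
    if (!is_array($fields) || !isset($fields[2]) || !is_string($fields[2])) {
        return -1;
    }
    $wanted = base64_decode($fields[2]);
    if ($wanted === false) {
        return -1;
    }

    // dbConnect() signals failure with -1 elsewhere in this code base.
    $data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
    if ($data === -1) {
        return -1;
    }

    $query = "SELECT `level` FROM `auth_users` WHERE `level` = \"" . $wanted . "\"";
    $result = $db->dbQuery($val->ValidateSQL($query, $data), $data);

    $found = -1;
    if ($result !== -1) {
        $rows = $db->dbArrayResults($result);
        if (is_array($rows) && isset($rows[0]['level'])) {
            $found = $rows[0]['level'];
        }
    }

    // NOTE(review): the SQL string, not the result handle, is passed to
    // dbFreeData() as in the original; confirm what that method expects.
    $db->dbFreeData($query);
    $db->dbCloseConn($data);

    return $found;
}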
} else { $subnetquery = "SELECT * FROM `conf_pools` WHERE `group` = \"" . $group . "\" ORDER BY `pool-name` ASC"; } if (($current = $db->dbQuery($val->ValidateSQL($subnetquery, $dbconn), $dbconn)) !== -1) { $subnetlist = $db->dbArrayResultsAssoc($current); } $pools = $misc->GenJumpMenuBoxPools($subnetlist, 'pools', $_GET['skin']); // generate list of allow/deny options $pl_ops = array("known-clients", "unknown-clients", "dynamic bootp clients", "authenticated clients", "unauthenticated clients", "all clients"); if ($group === "admin") { $pl = "SELECT `class-name` FROM `conf_classes` ORDER BY `class-name` ASC"; } else { $pl = "SELECT `class-name` FROM `conf_classes` WHERE `group` = \"" . $group . "\" OR `group` = '' ORDER BY `class-name` ASC"; } if (($return = $db->dbQuery($val->ValidateSQL($pl, $dbconn), $dbconn)) !== -1) { $pls = $db->dbArrayResults($return); } // fix the nested array before merging for ($x = 0; $x < count($pls); $x++) { $newarr[] = $pls[$x]['class-name']; } if (count($newarr) !== 0) { $pls_opt = array_merge($pl_ops, $newarr); //echo "<pre>"; print_r( $pls_opt ); echo "</pre>"; } else { $pls_opt = $pl_ops; } $list = $misc->GenDropMenuWSelectedPoolOpts($pls_opt, $allow_deny_op, 'allow_deny_op'); /* create checkbox list of available groups */ $groupsquery = "SELECT * FROM `auth_groups` WHERE `group` != \"admin\" AND `group` != \"" . $group . "\" ORDER BY `group` ASC"; if (($res = $db->dbQuery($val->ValidateSQL($groupsquery, $dbconn), $dbconn)) !== -1) {
// Do some cleaning before verifying installation $misc->CleanUpVars($_POST, NULL); // Free db handle and close connection(s) $db->dbFreeData($dbconn); $db->dbCloseConn($dbconn); // check results of import and application login $dbconn = $db->dbConnect($_POST['mysql_server_address'], $_POST['mysql_server_username'], $_POST['mysql_server_password'], 'phpDHCPAdmin'); if ($dbconn === -1) { $error = $err->GenerateErrorLink("../help/help.html", "#app_setup", '../templates/images/error.jpg', "Error connecting to the database with the newly entered username and password combination for the database 'phpDHCPAdmin'", NULL, NULL); } else { // verify tables exist $query = "SHOW TABLES IN `phpDHCPAdmin`"; if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) { $error = $err->GenerateErrorLink("../help/help.html", "#create_admin_user", '../templates/images/error.jpg', "There was an error when flushing the priveleges table", NULL, NULL); } else { $array = $db->dbArrayResults($value); foreach ($array as $key => $value) { $e = $err->GenerateErrorImg('../templates/images/error.jpg', "../help/help.html#app_setup", '800', '800'); $list .= "<ol>"; if (!in_array($value['Tables_in_phpDHCPAdmin'], $TABLES)) { $list .= "<li>Missing table information for '" . $value['Tables_in_phpDHCPAdmin'] . "'</li>"; $flag = -1; } } $list .= "</ol>"; if ($flag !== -1) { $error = $err->GenerateErrorLink("../help/help.html", "#app_setup", '../templates/images/good.jpg', "Permissions have been set on the database 'phpDHCPAdmin' for the user '" . $_POST['mysql_server_username'] . "' and our table structure is intact.", NULL, NULL); } else { $error = $err->GenerateErrorLink("../help/help.html", "#app_setup", '../templates/images/error.jpg', "An error occured when verifying database table schema" . $list, NULL, NULL); } }
} elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === 0) { // perform permissions check with access level and group data if ($level->ChkLevel($_SESSION['token']) === "root" || $level->ChkLevel($_SESSION['token'] === "user")) { // decode our authentication token to get our group membership $user_details = $encrypt->DecodeAuthToken($_SESSION['token']); $group = base64_decode($user_details[3]); // initialize a db connection handle $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); // Get array of subnets to assign hosts to if ($group === "admin") { $query = "SELECT * FROM `conf_subnets` ORDER BY `subnet-name` ASC"; } else { $query = "SELECT * FROM `conf_subnets` WHERE `group` = \"" . $group . "\" ORDER BY `subnet-name` ASC"; } if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) !== -1) { $subdata = $db->dbArrayResults($value); } // are there subnets? if so populate sql queries to look up hosts per subnet if (count($subdata)) { foreach ($subdata as $key => $value) { if ($group === "admin") { $sql[$value['subnet-name']] = "SELECT * FROM `conf_hosts` WHERE `subnet-name` = \"" . $value['subnet-name'] . "\"{$filter}"; } else { $sql[$value['subnet-name']] = "SELECT * FROM `conf_hosts` WHERE `subnet-name` = \"" . $value['subnet-name'] . "\" AND `group` = \"" . $group . "\""; } } // execute as many database queries as we need for our host to subnet assignment foreach ($sql as $key => $value) { if (($res = $db->dbQuery($val->ValidateSQL($value, $dbconn), $dbconn)) !== -1) { $hostdata[$key] = $db->dbArrayResults($res); }
$sql['gpxe'] = "SELECT * FROM `conf_pxe_opts`"; $sql['dns'] = "SELECT * FROM `conf_dns_opts`"; $sql['failover'] = "SELECT * FROM `conf_failover`"; $sql['dnssec'] = "SELECT * FROM `conf_dnssec_opts`"; $sql['classes'] = "SELECT * FROM `conf_classes`"; $sql['pools'] = "SELECT * FROM `conf_pools`"; $sql['shared'] = "SELECT * FROM `conf_shared_networks`"; $sql['subnets'] = "SELECT * FROM `conf_subnets`"; $sql['pxe'] = "SELECT * FROM `conf_pxe_groups`"; // process our sql array and place values in assoc array foreach ($sql as $key => $query) { if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) { $err_chk = 1; $list .= "<li>Could not look up data for the '" . $key . "' configuration options</li>"; } else { $results[$key] = $db->dbArrayResults($value); } } // determine which hosts belong to pxe groups $classes_count = count($results['classes']); foreach ($results['classes'] as $key => $class) { $sql['class'][$class['class-name']] = "SELECT * FROM `conf_classes_options` WHERE `class-name` = '" . $class['class-name'] . "'"; } // build our static hosts into pxe groups first if (count($sql['class']) !== 0) { foreach ($sql['class'] as $key => $query) { if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) { $err_chk = 1; $list .= "<li>Could not look up data for the '" . $key . "' configuration options</li>"; } else { $results['classes']['classes-options'][$key] = $db->dbArrayResults($value);
// authentication data not found in database } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === -4) { $ERROR = $err->GenerateErrorLink("help/help.html", "#user", $defined['error'], $errors['auth_n'], NULL, NULL); // error in database query } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === -5) { $ERROR = $err->GenerateErrorLink("help/help.html", "#undef", $defined['error'], $errors['undef_sql'], NULL, NULL); // valid user found } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === 0) { // perform permissions check with access level and group data if ($level->ChkLevel($_SESSION['token']) === "root" || $level->ChkLevel($_SESSION['token'] === "user")) { // initialize a db connection handle $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); // generate array of interfaces to assign leases to $sql = "SELECT `subnet`,`scope-range-1`,`scope-range-2`,`subnet-name` FROM `conf_subnets`"; if (($value = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) { $subnets = $db->dbArrayResults($value); } // loop over results and create nested array of leases per subnet foreach ($subnets as $key => $value) { // ensure we are looking at a subnet with a scope defined if (!empty($value['scope-range-1']) && !empty($value['scope-range-2'])) { $ip = $value['subnet']; $name = $value['subnet-name']; // aquire the total number of leases available in scope preg_match('/[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.([0-9]{1,3})/', $value['scope-range-1'], $start); preg_match('/[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.([0-9]{1,3})/', $value['scope-range-2'], $end); // begin counting $total = 1; for ($x = $start[1]; $x < $end[1]; $x++) { $total = $total + 1; }
// process our query if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === -1) { $error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $db_msg_err, NULL, NULL); // does the record exist? a duplicate mac, ip or hostname is not allowed if (eregi("duplicate", $db->dbCatchError()) && !empty($id) || !empty($modify) && $modify === "modify") { // look at error and grab the existing record @preg_match('/.*\'(.*)\'.*/', $db->dbCatchError(), $dup); // make sure users can't edit other group records if ($group !== "admin") { $sql = "SELECT `id` FROM `conf_hosts` WHERE `ip-address` LIKE \"" . $dup[1] . "\" OR `hostname` LIKE \"" . $dup[1] . "\" OR `mac-address` LIKE \"" . $dup[1] . "\" HAVING `group` = \"" . $group . "\""; } else { $sql = "SELECT `id` FROM `conf_hosts` WHERE `ip-address` LIKE \"" . $dup[1] . "\" OR `hostname` LIKE \"" . $dup[1] . "\" OR `mac-address` LIKE \"" . $dup[1] . "\""; } // execute the database query for our matching record if (($value = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) { $ids = $db->dbArrayResults($value); } // create new `update` sql statement with matching id to overwrite record as per requested if ($group === "admin") { $update = "UPDATE `conf_hosts` SET `hostname` = \"" . $hostname . "\", `mac-address` = \"" . $mac_address . "\", `ip-address` = \"" . $ip_address . "\", `subnet-name` = \"" . $subnet_name . "\", `pxe-group` = \"" . $pxe_group . "\", `group` = \"" . $group . "\" WHERE `id` = \"" . $ids[0]['id'] . "\" LIMIT 1"; } else { $update = "UPDATE `conf_hosts` SET `hostname` = \"" . $hostname . "\", `mac-address` = \"" . $mac_address . "\", `ip-address` = \"" . $ip_address . "\", `subnet-name` = \"" . $subnet_name . "\", `pxe-group` = \"" . $pxe_group . "\" WHERE `id` = \"" . $ids[0]['id'] . 
"\" LIMIT 1"; } // perform update on record if (($value = $db->dbQuery($val->ValidateSQL($update, $dbconn), $dbconn)) === -1) { $error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['db_edit_err'], NULL, NULL); } else { // was anything updated? if ($db->dbAffectedRows($dbconn) === 0) { $error = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['error'], $errors['db_edit_err'], NULL, NULL); } else {
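/**
 * Store per-adapter interface details and, roughly once an hour, a traffic sample.
 *
 * For every adapter an INSERT into `conf_adapters` is attempted; when the
 * database reports a duplicate, an UPDATE is issued instead. When the adapter
 * reports a non-empty RX total and the newest stored sample is more than an
 * hour old (or none exists), one row is added to `conf_traffic`.
 *
 * Security note: adapter names and counters are concatenated into the SQL
 * text. NOTE(review): ValidateSQL() is not visible here; confirm it
 * neutralises quote characters, or move these statements to prepared
 * statements.
 *
 * NOTE(review): the INSERT targets `conf_adapters` while the fallback UPDATE
 * targets `conf_adapters_details`. Both names are kept from the original;
 * confirm which table is intended.
 *
 * @param array $array Map of adapter name => details (keys such as 'encap',
 *                     'hwaddr', 'RX_packets', 'RX_total', 'TX_total').
 * @return void
 */
function ProcessAdapterDetails($array)
{
    global $defined;

    // Nothing to record: do not open a database connection at all.
    if (empty($array)) {
        return;
    }

    $db = new dbConn();
    $val = new ValidateStrings();

    // dbConnect() signals failure with -1 elsewhere in this code base.
    $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
    if ($dbconn === -1) {
        return;
    }

    // Table column => key in the per-adapter details array. `name` is handled
    // separately because it comes from the array key.
    $columns = array(
        'encap' => 'encap',
        'hwaddr' => 'hwaddr',
        'ipv4' => 'ipv4',
        'broadcast' => 'broadcast',
        'mask' => 'mask',
        'ipv6' => 'ipv6',
        'flags' => 'flags',
        'rx_packets' => 'RX_packets',
        'rx_errors' => 'RX_errors',
        'rx_dropped' => 'RX_dropped',
        'rx_overruns' => 'RX_overruns',
        'rx_frame' => 'RX_frame',
        'tx_packets' => 'TX_packets',
        'tx_errors' => 'TX_errors',
        'tx_dropped' => 'TX_dropped',
        'tx_overruns' => 'TX_overruns',
        'tx_carrier' => 'TX_carrier',
        'rx_bytes' => 'RX_total',
        'tx_bytes' => 'TX_total',
    );

    foreach ($array as $key => $value) {
        $names = array("`name`");
        $literals = array("\"" . $key . "\"");
        $assignments = array("`name` = \"" . $key . "\"");

        foreach ($columns as $column => $field) {
            // A missing detail becomes an empty string instead of a notice.
            $cell = isset($value[$field]) ? $value[$field] : '';
            $names[] = "`" . $column . "`";
            $literals[] = "\"" . $cell . "\"";
            $assignments[] = "`" . $column . "` = \"" . $cell . "\"";
        }

        $insert = "INSERT INTO `conf_adapters` ( " . implode(", ", $names) . " ) VALUES ( " . implode(", ", $literals) . " )";
        $update = "UPDATE `conf_adapters_details` SET " . implode(", ", $assignments) . " WHERE `name` = \"" . $key . "\" LIMIT 1";

        // Traffic samples are only written for a non-empty RX total, so the
        // lookup is skipped entirely when there is nothing to store.
        $rxTotal = isset($value['RX_total']) ? $value['RX_total'] : '';
        if (!empty($rxTotal)) {
            $now = $this->GenTime();

            // ORDER BY ... DESC makes LIMIT 1 return the newest sample. Without
            // it the row order is unspecified and the hourly throttle can end
            // up comparing against an old row on every run.
            $res = $db->dbQuery($val->ValidateSQL("SELECT `time` FROM `conf_traffic` WHERE `time` < \"" . $now . "\" AND `bytes` > 0 AND `interface` = \"" . $key . "\" ORDER BY `time` DESC LIMIT 1", $dbconn), $dbconn);

            // No previous sample (or a failed lookup) counts as "long ago".
            $last = 0;
            if ($res !== -1) {
                $times = $db->dbArrayResults($res);
                if (is_array($times) && isset($times[0]['time'])) {
                    $last = $times[0]['time'];
                }
            }

            if (abs($now - $last) > 3600) {
                $traffic = "INSERT INTO `conf_traffic` ( `interface`, `bytes`, `time` ) VALUES ( \"" . $key . "\", \"" . $rxTotal . "\", UNIX_TIMESTAMP() )";
                $db->dbQuery($val->ValidateSQL($traffic, $dbconn), $dbconn);
            }
        }

        // NOTE(review): other call sites treat -1 as the failure value of
        // dbQuery(); the `!== 0` test is kept from the original, so the
        // duplicate check below is what actually gates the UPDATE.
        if ($db->dbQuery($val->ValidateSQL($insert, $dbconn), $dbconn) !== 0) {
            // stripos() replaces eregi(), which no longer exists in PHP 7+.
            if (stripos((string) $db->dbCatchError(), "duplicate") !== false) {
                $db->dbQuery($val->ValidateSQL($update, $dbconn), $dbconn);
            }
        }
    }

    // Release the connection, as the other functions in this code base do.
    $db->dbCloseConn($dbconn);
}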
// error in database query } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === -5) { $ERROR = $err->GenerateErrorLink("help/help.html", "#undef", $defined['error'], $errors['undef_sql'], NULL, NULL); // valid user found } elseif ($auth->AuthUser($_POST['user'], $_POST['pass'], $_SESSION['token']) === 0) { // perform permissions check with access level and group data if ($level->ChkLevel($_SESSION['token']) === "root" || $level->ChkLevel($_SESSION['token'] === "user")) { // initialize a db connection handle $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); $now = $misc->GenTime(); $hour_old = $now - 3600; $six_hour_old = $now - 21000; // most recent traffic $sql = "SELECT * FROM `conf_traffic` WHERE `time` <= \"" . $now . "\" AND `time` >= \"" . $hour_old . "\""; if (($value = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) { $traffic_recent = $db->dbArrayResults($value); } // traffic from last 6 hours $sql = "SELECT * FROM `conf_traffic` WHERE `time` <= \"" . $hour_old . "\" AND `time` >= \"" . $six_hour_old . "\""; if (($value = $db->dbQuery($val->ValidateSQL($sql, $dbconn), $dbconn)) !== -1) { $traffic_old = $db->dbArrayResults($value); } // check to see if we have valid data to use if (count($traffic_recent) === 0) { $traffic_recent[0] = array("interface" => "EMPTY", "bytes" => 0); } if (count($traffic_old) === 0 || empty($traffic_old)) { $traffic_old[0] = array("interface" => "EMPTY", "bytes" => 0); } // generate our graphs but check for gd lib extensions first if (function_exists('imagedestroy') && count($traffic_recent) !== 0) {
if (file_exists('../scripts/inc.config.php')) { require '../scripts/inc.config.php'; global $defined; // open up some handles $db = new dbConn(); $val = new ValidateStrings(); $misc = new MiscFunctions(); // attempt to get a list of networks the net adapter(s) are listening on $misc->GetAdapters(); // process lease data $misc->GetCurrentLeases($defined['leases']); // look to see if we need to recreate the leases file $dbconn = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']); $query = "SELECT `recreate` FROM `conf_leases_properties` WHERE `id` = \"1\""; if (($value = $db->dbQuery($val->ValidateSQL($query, $dbconn), $dbconn)) === 0) { $data = $db->dbArrayResults($value); } // do we recreate? if ($data[0]['recreate'] === "TRUE") { echo "LEASES: We are going to recreate the current " . $defined['leases'] . "file. Please wait...\n"; } // Check for file that flags a restart if (file_exists($defined['virpath'] . "conf/restart")) { // make sure we have a configuration file to use if (file_exists($defined['virpath'] . "conf/dhcpd.conf")) { // use the $defined[dhcpd_cmd] var to restart the service with our config file system('/usr/bin/killall dhcpd'); system("rm " . $defined['virpath'] . "conf/restart"); system($defined['dhcpd_cmd']); echo "RESTART: The ISC DHCPD service has been restarted.\n"; } else {
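/**
 * Authenticate a user from submitted credentials or from an existing token.
 *
 * When only a token is supplied, the username and password are recovered from
 * it and its timestamp is checked against the configured timeout. The
 * credentials are then matched against `auth_users`. If no token was supplied,
 * a new session key is stored on the user row and a fresh token is registered
 * in the session.
 *
 * Security notes for maintainers:
 *  - The password check is an unsalted SHA-1 computed in SQL. That is weak for
 *    stored passwords; plan a migration to password_hash()/password_verify().
 *  - The token carries the password: it is passed to EncodeAuthToken() below
 *    and read back from the token with base64_decode(). Anyone who can decode
 *    a token recovers the password. NOTE(review): confirm what protection the
 *    Encryption class applies, and prefer a token that holds no secret.
 *  - $user and $pass (taken from $_POST by callers) are interpolated into the
 *    SQL text. Safety rests on ValidateAlphaChar(), ValidateParagraph() and
 *    ValidateSQL(), none of which are visible here; prefer prepared statements.
 *
 * @param string $user  Username, or empty when authenticating by token.
 * @param string $pass  Password, or empty when authenticating by token.
 * @param string $token Existing authentication token, or empty at login.
 * @return int 0 on success; -1 nothing supplied; -2 token timed out;
 *             -3 username/password failed validation or the token is
 *             malformed; -4 no matching user; -5 database error.
 */
function AuthUser($user, $pass, $token)
{
    // our global config opts
    global $defined;

    // Nothing to authenticate with: answer before building any collaborator.
    if (empty($user) && empty($pass) && empty($token)) {
        return -1;
    }

    $db = new dbConn();
    $val = new ValidateStrings();
    $lib = new Authenticate();
    $auth = new Encryption();
    $sess = new Sessions();
    $misc = new MiscFunctions();
    // Unused below; kept because its constructor is not visible from here.
    $exit = new ExitApp();

    // Token-only request: recover the credentials and enforce the timeout.
    if (!empty($token) && empty($user) && empty($pass)) {
        $fields = $auth->DecodeAuthToken($token);

        // Reject a token that did not decode into the expected fields rather
        // than continuing with null credentials.
        if (!is_array($fields) || !isset($fields[0], $fields[1], $fields[4])) {
            return -3;
        }

        $user = base64_decode($fields[0]);
        $pass = base64_decode($fields[1]);

        if ($lib->AuthTimeOut($defined['timeout'], $fields[4], $misc->GenTime()) === -1) {
            return -2;
        }
    }

    // perform validation on username and password
    if ($val->ValidateAlphaChar($user) === -1 || $val->ValidateParagraph($pass) === -1) {
        return -3;
    }

    // dbConnect() signals failure with -1 elsewhere in this code base.
    $data = $db->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
    if ($data === -1) {
        return -5;
    }

    $query = "SELECT * FROM `auth_users` WHERE `username` = \"{$user}\" AND `password` = sha1( \"{$pass}\" )";
    $query = $val->ValidateSQL($query, $data);

    // Every early exit below closes the connection; the original left it
    // open on its -5 and -4 paths.
    $value = $db->dbQuery($query, $data);
    if ($value === -1) {
        $db->dbCloseConn($data);
        return -5;
    }

    $matches = $db->dbNumRows($value);
    if ($matches === -1 || $matches === 0) {
        $db->dbCloseConn($data);
        return -4;
    }

    $return = 0;

    // First login (no token yet): store a new session key and issue a token.
    if (empty($token)) {
        $array = $db->dbArrayResults($value);
        $x = $auth->GeneratePrivateKey($defined['enckeygen']);
        $access_date = $misc->GenDate();
        $access_time = $misc->GenTimeRead();

        $query = "UPDATE `auth_users` SET `access_date` = \"" . $access_date . "\", `access_time` = \"" . $access_time . "\", `session` = \"{$x}\" WHERE `id` = \"" . $array[0]['id'] . "\"";
        $value = $val->ValidateSQL($query, $data);
        if (($value = $db->dbQuery($value, $data)) === -1) {
            $db->dbCloseConn($data);
            return -5;
        }

        $x = $auth->EncodePrivToHex($x);

        // NOTE(review): when EncodeAuthToken() returns -1 no session token is
        // registered, yet 0 is still returned, as in the original. Confirm
        // callers cope with a success result that has no token.
        if (($token = $auth->EncodeAuthToken($array[0]['username'], $pass, $array[0]['level'], $array[0]['group'], $misc->GenTime(), $x)) !== -1) {
            $sess->RegisterSession("token", $token);
            $return = 0;
        }
    }

    // NOTE(review): the SQL string, not the result handle, is passed to
    // dbFreeData() as in the original; confirm what that method expects.
    $db->dbFreeData($query);
    $db->dbCloseConn($data);

    return $return;
}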