Refactored user, vlan and zone

Thomas Hooge 2023-03-03 19:33:52 +01:00
parent c63b500d77
commit 32bd592098
31 changed files with 473 additions and 407 deletions


@ -119,7 +119,7 @@ if (isset($_POST['add'])) {
header_location("assetview.php?asset_id=" . $dbh->lastInsertId());
break;
/* refactored
/*
case ("assetclass") :
$name = sanitize($_POST['assetclass_name']);
$description = sanitize($_POST['assetclass_description']);
@ -304,7 +304,7 @@ if (isset($_POST['add'])) {
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
/* case ("user") :
$user_name = strtolower(sanitize($_POST['user_name']));
$user_displayname = sanitize($_POST['user_displayname']);
$user_password = md5(sanitize($_POST['user_password']));
@ -338,7 +338,7 @@ if (isset($_POST['add'])) {
$sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info]);
header_location("vlanview.php?vlan_id=" . $dbh->lastInsertId());
break;
break; */
case ("vlansubnet") :
$subnet_id = sanitize($_POST['subnet_id']);
@ -352,7 +352,7 @@ if (isset($_POST['add'])) {
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("zone") :
/* case ("zone") :
$zone_origin = sanitize($_POST['zone_origin']);
$zone_ttl_default = sanitize($_POST['zone_ttl_default']);
$zone_soa = sanitize($_POST['zone_soa']);
@ -380,7 +380,7 @@ if (isset($_POST['add'])) {
$zone_ns1, $zone_ns2, $zone_ns3, $zone_mx1, $zone_mx2, $zone_info]);
header_location("zoneview.php?zone_id=" . $dbh->lastInsertId());
break;
break; */
}
}
@ -398,7 +398,7 @@ if (isset($_POST['del'])) {
header_location("asset.php");
break;
/* refactored
/*
case ("assetclass") :
$assetclass_id = sanitize($_POST['assetclass_id']);
@ -487,7 +487,7 @@ if (isset($_POST['del'])) {
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
/* case ("user") :
$user_id = sanitize($_POST['user_id']);
$sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
@ -503,7 +503,7 @@ if (isset($_POST['del'])) {
$sth->execute([$vlan_id]);
header_location("vlan.php");
break;
break; */
case ("vlansubnet") :
$subnet_id = sanitize($_POST['subnet_id']);
@ -515,14 +515,14 @@ if (isset($_POST['del'])) {
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("zone") :
/* case ("zone") :
$zone_id = sanitize($_POST['zone_id']);
$sth = $dbh->prepare("DELETE FROM zone WHERE zone_id=?");
$sth->execute([$zone_id]);
header_location("zone.php");
break;
break; */
}
}
@ -548,7 +548,7 @@ if (isset($_POST['edit'])) {
$asset_id]);
header_location("assetview.php?asset_id=" . $asset_id);
/* refactored
/*
case ("assetclass") :
$id = sanitize($_POST['assetclass_id']);
$name = sanitize($_POST['assetclass_name']);
@ -729,7 +729,7 @@ if (isset($_POST['edit'])) {
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
/* case ("user") :
$user_id = sanitize($_POST['user_id']);
$user_name = sanitize($_POST['user_name']);
$user_displayname = sanitize($_POST['user_displayname']);
@ -803,7 +803,7 @@ if (isset($_POST['edit'])) {
$id]);
header_location("zoneview.php?zone_id=" . $zone_id);
break;
break; */
}
}
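Review bot: The old user, vlan and zone cases are wrapped in `/* … */` instead of being deleted, which leaves dead handlers (including the legacy `md5()` password path) in a file that still serves other entities. PHP block comments do not nest, so a `*/` anywhere inside a wrapped region would end the comment early and bring the tail of an old handler back into the switch; the regions are only partly visible in these hunks, so that cannot be ruled out from here. I would remove the cases outright and rely on version control for the history.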


@ -5,7 +5,7 @@
{$lang_users} ({$users|@count})
</td>
<td align="right">
<a href="useradd.php"><img src="images/user_add.png" alt="{$lang_user_add}" /></a>
<a href="user.php?f=add"><img src="images/user_add.png" alt="{$lang_user_add}" /></a>
</td>
</tr>
</table>
@ -28,7 +28,7 @@
{foreach item=user from=$users}
<tr>
<td class="label">
<a href="userview.php?user_id={$user.id}">{$user.name}</a>
<a href="user.php?f=view&id={$user.id}">{$user.name}</a>
</td>
<td class="value">
{$user.realm}


@ -1,5 +1,4 @@
<form method="POST" action="submit.php">
<input type="hidden" name="add" value="user">
<form method="POST" action="user.php">
<table class="title">
<tr>
@ -9,7 +8,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>
<input type="image" src="images/user_add.png" alt="{$lang_submit}" />
<input type="image" name="submit[insert]" src="images/user_add.png" alt="{$lang_submit}" />
</td>
</tr>
</table>
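Review bot: This form now posts straight to user.php and the visible lines add no anti-CSRF token; the delete and update forms for user, vlan and zone further down follow the same pattern, carrying only `id` and `submit[...]`. The rest of each form lies outside the hunks, so a token may already exist there, but if it does not, a per-session token emitted as a hidden field and compared with `hash_equals()` in the handler before the `insert`/`update`/`delete` cases would be the fix. Reading the record id from `$_POST` instead of `$_REQUEST` in those writing cases belongs with that change, so that a state change cannot be parameterised from the query string.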


@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="del" value="user">
<input type="hidden" name="user_id" value="{$user->id}">
<form method="POST" action="user.php">
<input type="hidden" name="id" value="{$user->id}">
<table class="title">
<tr>
@ -10,7 +9,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>
<input type="image" src="images/user_delete.png" alt="{$lang_submit}">
<input type="image" name="submit[delete]" src="images/user_delete.png" alt="{$lang_submit}">
</td>
</tr>
</table>
@ -29,7 +28,7 @@
{$lang_user_name}
</td>
<td class="value">
<a href="userview.php?user_id={$user->id}">{$user->name}</a>
<a href="user.php?f=view&id={$user->id}">{$user->name}</a>
</td>
</tr>
</table>


@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="edit" value="user">
<input type="hidden" name="user_id" value="{$user->id}">
<form method="POST" action="user.php">
<input type="hidden" name="id" value="{$user->id}">
<table class="title">
<tr>
@ -10,7 +9,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=save" alt="{$lang_submit}">
<input type="image" name="submit[update]" src="images/page_save.png" alt="{$lang_submit}">
</td>
</tr>
</table>


@ -2,11 +2,11 @@
<tr>
<td class="header">
<img class="icon" src="images/user.png" alt="" />
{$user_name}
{$user->name}
</td>
<td align="right">
<a href="useredit.php?user_id={$user->id}"><img src="images/user_edit.png" alt="{$lang_user_edit}"></a>
<a href="userdel.php?user_id={$user->id}"><img src="images/user_delete.png" alt="{$lang_user_del}"></a>
<a href="user.php?f=edit&id={$user->id}"><img src="images/user_edit.png" alt="{$lang_user_edit}"></a>
<a href="user.php?f=del&id={$user->id}"><img src="images/user_delete.png" alt="{$lang_user_del}"></a>
</td>
</tr>
</table>
@ -25,7 +25,7 @@
{$lang_user_name}
</td>
<td class="value">
<a href="userview.php?user_id={$user->id}">{$user->name}</a>
<b>{$user->name}</b>
</td>
</tr>
<tr>


@ -6,7 +6,7 @@
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="vlanadd.php"><img src="image.php?icon=add" alt="{$lang_vlan_add}" {if $suser_tooltips}title="{$lang_vlan_add}" {/if}/></a>
<a href="vlan.php?f=add"><img src="image.php?icon=add" alt="{$lang_vlan_add}" {if $suser_tooltips}title="{$lang_vlan_add}" {/if}/></a>
{/if}
</td>
</tr>
@ -31,7 +31,7 @@
</td>
<td class="value">
<img src="image.php?color={$vlan.color}" alt="#{$vlan.color}">
<a href="vlanview.php?vlan_id={$vlan.id}">{$vlan.name}</a>
<a href="vlan.php?f=view&id={$vlan.id}">{$vlan.name}</a>
</td>
<td>
{$vlan.info}


@ -1,5 +1,4 @@
<form method="POST" action="submit.php">
<input type="hidden" name="add" value="vlan">
<form method="POST" action="vlan.php">
<table class="title">
<tr>
@ -8,7 +7,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=save" alt="{$lang_submit}">
<input type="image" name="submit[insert]" src="images/page_save.png" alt="{$lang_submit}">
</td>
</tr>
</table>


@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="del" value="vlan">
<input type="hidden" name="vlan_id" value="{$vlan->id}">
<form method="POST" action="vlan.php">
<input type="hidden" name="id" value="{$vlan->id}">
<table class="title">
<tr>
@ -9,7 +8,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=delete" alt="{$lang_submit}">
<input type="image" name="submit[delete]" src="images/bin.png" alt="{$lang_delete}">
</td>
</tr>
</table>
@ -28,7 +27,7 @@
{$lang_vlan_name}
</td>
<td class="value">
<a href="vlanview.php?vlan_id={$vlan->id}">{$vlan->name}&nbsp;({$vlan->number})</a>
<a href="vlan.php?f=view&id={$vlan->id}">{$vlan->name}&nbsp;({$vlan->number})</a>
</td>
</tr>
</table>


@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="edit" value="vlan">
<input type="hidden" name="vlan_id" value="{$vlan->id}">
<form method="POST" action="vlan.php">
<input type="hidden" name="id" value="{$vlan->id}">
<table class="title">
<tr>
@ -10,7 +9,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=save" alt="{$lang_submit}">
<input type="image" name="submit[update]" src="images/page_save.png" alt="{$lang_save}">
</td>
</tr>
</table>


@ -9,10 +9,10 @@
<a href="assignvlantosubnet.php?vlan_id={$vlan->id}"><img src="image.php?icon=add" alt="{$lang_assignvlantosubnet}"></a>
{/if}
{if $suser_edit}
<a href="vlanedit.php?vlan_id={$vlan->id}"><img src="image.php?icon=edit" alt="{$lang_vlan_edit}"></a>
<a href="vlan.php?f=edit&id={$vlan->id}"><img src="image.php?icon=edit" alt="{$lang_vlan_edit}"></a>
{/if}
{if $suser_delete}
<a href="vlandel.php?vlan_id={$vlan->id}"><img src="image.php?icon=delete" alt="{$lang_vlan_del}"></a>
<a href="vlan.php?f=del&id={$vlan->id}"><img src="image.php?icon=delete" alt="{$lang_vlan_del}"></a>
{/if}
</td>
</tr>
@ -32,7 +32,7 @@
{$lang_vlan_name}
</td>
<td class="value">
<a href="vlanview.php?vlan_id={$vlan->id}">{$vlan->name}</a>
<a href="vlan.php?f=view&id={$vlan->id}">{$vlan->name}</a>
</td>
</tr>
<tr>


@ -6,7 +6,7 @@
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="zoneadd.php"><img src="image.php?icon=add" alt="{$lang_zone_add}"></a>
<a href="zone.php?f=add"><img src="image.php?icon=add" alt="{$lang_zone_add}"></a>
{/if}
</td>
</tr>
@ -27,7 +27,7 @@
{foreach item=zone from=$zones}
<tr>
<td class="label">
<a href="zoneview.php?zone_id={$zone.id}">{$zone.origin}</a>
<a href="zone.php?f=view&id={$zone.id}">{$zone.origin}</a>
</td>
<td class="value">
{$zone.hostmaster}


@ -1,5 +1,4 @@
<form method="POST" action="submit.php">
<input type="hidden" name="add" value="zone">
<form method="POST" action="zone.php">
<table class="title">
<tr>
@ -8,7 +7,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=save" alt="{$lang_submit}">
<input type="image" name="submit[insert]" src="images/page_save.png" alt="{$lang_submit}">
</td>
</tr>
</table>


@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="del" value="zone">
<input type="hidden" name="zone_id" value="{$zone.zone_id}">
<form method="POST" action="zone.php">
<input type="hidden" name="id" value="{$zone->zone_id}">
<table class="title">
<tr>
@ -9,7 +8,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>
<input type="image" src="images/table_delete.png" alt="{$lang_submit}">
<input type="image" name="submit[delete]" src="images/table_delete.png" alt="{$lang_submit}">
</td>
</tr>
</table>
@ -28,8 +27,8 @@
{$lang_zone}
</td>
<td class="value">
<a href="zoneview.php?zone_id={$zone.zone_id}">{$zone.zone_origin}</a>
({$zone.zone_serial})
<a href="zone.php?f=view&id={$zone->zone_id}">{$zone->zone_origin}</a>
({$zone->zone_serial})
</td>
</tr>
</table>


@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="edit" value="zone">
<input type="hidden" name="zone_id" value="{$zone->zone_id}">
<form method="POST" action="zone.php">
<input type="hidden" name="id" value="{$zone->zone_id}">
<table class="title">
<tr>
@ -10,7 +9,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=save" alt="{$lang_submit}">
<input type="image" name="submit[update]" src="images/page_save.png" alt="{$lang_save}">
</td>
</tr>
</table>
@ -141,7 +140,7 @@
Zone Info
</td>
<td class="value">
<textarea name="zone_info" cols="30" rows="10">{$zone.zone_info}</textarea>
<textarea name="zone_info" cols="30" rows="10">{$zone->zone_info}</textarea>
</td>
</tr>
</table>


@ -6,10 +6,10 @@
</td>
<td align="right">
{if $suser_edit || $suser_admin}
<a href="zoneedit.php?zone_id={$zone->zone_id}"><img src="images/table_edit.png" alt="{$lang_zone_edit}" /></a>
<a href="zone.php?f=edit&id={$zone->zone_id}"><img src="images/table_edit.png" alt="{$lang_zone_edit}" /></a>
{/if}
{if $suser_delete || $suser_admin}
<a href="zonedel.php?zone_id={$zone->zone_id}"><img src="images/table_delete.png" alt="{$lang_zone_del}" /></a>
<a href="zone.php?f=del&id={$zone->zone_id}"><img src="images/table_delete.png" alt="{$lang_zone_del}" /></a>
{/if}
</td>
</tr>

152
user.php

@ -13,8 +13,90 @@ if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] ==
header_location('comments.php?comments=accessdenied');
}
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'] or $id = 0;
}
// ========== ACTIONS START ===================================================
switch ($submit = form_get_action()) {
case NULL: break;
case 'add': $action = ACT_ADD; break;
case 'view': $action = ACT_VIEW; break;
case 'edit': $action = ACT_EDIT; break;
case 'del': $action = ACT_DELETE; break;
case 'insert':
$user_name = strtolower(sanitize($_POST['user_name']));
$user_displayname = sanitize($_POST['user_displayname']);
$user_password = md5(sanitize($_POST['user_password']));
// check if username exists
$sth = $dbh->prepare("SELECT COUNT(*) FROM user WHERE user_name=?");
$sth->execute([$user_name]);
if ($sth->fetchColumn() == 0) {
$sql = "INSERT INTO user (user_name, user_displayname, user_pass)
VALUE (?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$user_name, $user_displayname, $user_password]);
$id = $dbh->lastInsertId();
$action = ACT_VIEW;
} else {
$g_error->Add(_("Username already in use."));
$action = ACT_ADD;
}
break;
case 'update':
$user_name = sanitize($_POST['user_name']);
$user_displayname = sanitize($_POST['user_displayname']);
$user_realm = sanitize($_POST['user_realm']);
// roles
$role_add = sanitize($_POST['role_add']);
$role_edit = sanitize($_POST['role_edit']);
$role_delete = sanitize($_POST['role_delete']);
$role_manage = sanitize($_POST['role_manage']);
$role_admin = sanitize($_POST['role_admin']);
// construct menu set
$role = array();
if ($role_add) $role[] = 'add';
if ($role_edit) $role[] = 'edit';
if ($role_delete) $role[] = 'delete';
if ($role_manage) $role[] = 'manage';
if ($role_admin) $role[] = 'admin';
$sql = "UPDATE user SET
user_name=?, user_displayname=?, user_realm=?,
user_role=?
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_name ,$user_displayname, $user_realm,
implode(',', $role), $id]);
$action = ACT_VIEW;
break;
case 'delete':
$sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
$sth->execute([$id]);
$g_message->Add(_("User deleted."));
$action = ACT_DEFAULT;
break;
default:
$g_error->Add(submit_error($submit));
$valid = FALSE;
}
// ========== ACTIONS END =====================================================
include("header.php");
if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================
$sql = "SELECT user_id AS id, user_name AS name,
user_displayname AS displayname, user_realm AS realm,
user_role AS role
@ -27,10 +109,74 @@ $users = $sth->fetchAll(PDO::FETCH_ASSOC);
for($i = 0; $i < count($users); $i++) {
$users[$i]['role'] = explode(',', $users[$i]['role'] );
}
$smarty->assign("users", $users);
$smarty->display("user.tpl");
include("footer.php");
elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================
$realms = db_load_enum('user','user_realm');
$smarty->assign("realm_ids", $realms);
$smarty->assign("realm_names", $realms);
$smarty->assign("realm_selected", $realms[0]);
$smarty->display("useradd.tpl");
elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm as realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$user->flags = explode(',', $user->flags);
$smarty->assign("user", $user);
$smarty->display("userview.tpl");
elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm AS realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$smarty->assign("user", $user);
// auth realms
$smarty->assign("realm_ids", ['local', 'ldap']);
$smarty->assign("realm_names", ['Local', 'LDAP']);
$smarty->assign("realm_selected", $user->realm);
$smarty->display("useredit.tpl");
elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================
$sth = $dbh->prepare("SELECT user_id AS id, user_name AS name FROM user WHERE user_id=?");
$sth->execute([$id]);
$smarty->assign("user", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("userdel.tpl");
else:
// ========== ERROR UNKNOWN VARIANT ===========================================
echo "<p>Unknown function call: Please report to system development!</p>\n";
endif; // $action == ...
// ========== END OF VARIANTS =================================================
$smarty->display('footer.tpl');
?>
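Review bot: The `insert` case still stores `md5(sanitize($_POST['user_password']))`, an unsalted fast hash computed over a filtered copy of the password; now that the handler lives here it should become `password_hash($_POST['user_password'], PASSWORD_DEFAULT)`, with `password_verify()` and a rehash-on-login path for existing MD5 rows in the login code, which is not part of this diff (the `user_pass` column width needs checking too). Separately, the single role gate at the top admits the manage role for every action, including `update`, which rebuilds `user_role` from `role_admin` in the POST body, and `delete`, whose removed confirmation page required admin alone. Unless a check outside this view prevents it, a manage-role account can therefore change its own role set, so those two cases should re-check with `if ($_SESSION['suser_role_admin'] == 0) { header_location('comments.php?comments=accessdenied'); }`. No `exit` is visible after the gate, so it is worth confirming that `header_location()` ends the request rather than only sending the header. The view and edit variants also assign `$user->role` without testing that `fetch()` returned a row, which fails for an unknown id.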


@ -1,27 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (($_SESSION['suser_role_admin'] == 0) && ($_SESSION['suser_role_manage'] == 0)) {
header_location('comments.php?comments=accessdenied');
}
include("header.php");
$realms = db_load_enum('user','user_realm');
$smarty->assign("realm_ids", $realms);
$smarty->assign("realm_names", $realms);
$smarty->assign("realm_selected", $realms[0]);
$smarty->display("useradd.tpl");
include("footer.php");
?>


@ -1,28 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if ($_SESSION['suser_role_admin'] == 0) {
header_location('comments.php?comments=accessdenied');
}
$user_id = sanitize($_GET['user_id']);
include("header.php");
$sth = $dbh->prepare("SELECT user_id AS id user_name AS user_name FROM user WHERE user_id=?");
$dbh->execute([$user_id]);
$smarty->assign("user", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("userdel.tpl");
include("footer.php");
?>


@ -1,39 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (($_SESSION['suser_role_admin'] == 0) && ($_SESSION['suser_role_manage'] == 0)) {
header_location('comments.php?comments=accessdenied');
}
$user_id = sanitize($_GET['user_id']);
include("header.php");
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm AS realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_id]);
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$smarty->assign("user", $user);
// auth realms
$smarty->assign("realm_ids", ['local', 'ldap']);
$smarty->assign("realm_names", ['Local', 'LDAP']);
$smarty->assign("realm_selected", $user->realm);
$smarty->display("useredit.tpl");
include("footer.php");
?>


@ -1,35 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] == 0)) {
header_location('comments.php?comments=accessdenied');
}
$user_id = sanitize($_GET['user_id']);
include("header.php");
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm as realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_id]);
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$user->flags = explode(',', $user->flags);
$smarty->assign("user", $user);
$smarty->display("userview.tpl");
include("footer.php");
?>

123
vlan.php

@ -8,8 +8,68 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'] or $id = 0;
}
// ========== ACTIONS START ===================================================
switch ($submit = form_get_action()) {
case NULL: break;
case 'add': $action = ACT_ADD; break;
case 'view': $action = ACT_VIEW; break;
case 'edit': $action = ACT_EDIT; break;
case 'del': $action = ACT_DELETE; break;
case 'insert':
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
$vlan_color = sanitize($_POST['vlan_color']);
$sql = "INSERT INTO vlan (vlan_name, vlan_number, vlan_color, vlan_info)
VALUE (?, ?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info]);
$id = $dbh->lastInsertId();
$action = ACT_VIEW;
break;
case 'update':
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
$vlan_color = sanitize($_POST['vlan_color']);
$sql = "UPDATE vlan SET vlan_name=?, vlan_number=?, vlan_color=?, vlan_info=? WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info, $id]);
$action = ACT_VIEW;
break;
case 'delete':
$sth = $dbh->prepare("DELETE FROM vlan WHERE vlan_id=?");
$sth->execute([$id]);
$g_message->Add(_("VLAN deleted."));
$action = ACT_DEFAULT;
break;
default:
$g_error->Add(submit_error($submit));
$valid = FALSE;
}
// ========== ACTIONS END =====================================================
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================
$sql = "SELECT vlan_id AS id, vlan_number AS number, vlan_name AS name,
vlan_color AS color, LEFT(vlan_info, 60) AS info
FROM vlan
@ -19,5 +79,66 @@ $smarty->assign("vlans", $sth->fetchAll());
$smarty->display("vlan.tpl");
include("footer.php");
elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================
$smarty->display("vlanadd.tpl");
elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================
// vlan
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
vlan_info AS info, vlan_color AS color
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
// subnets
$sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask, s.subnet_info
FROM subnet AS s LEFT JOIN subnetvlan AS v USING (subnet_id)
WHERE v.vlan_id=?
ORDER BY INET_ATON(s.subnet_address)";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("subnets", $sth->fetchAll());
$smarty->display("vlanview.tpl");
elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
vlan_color AS color, vlan_info AS info
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("vlanedit.tpl");
elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("vlandel.tpl");
else:
// ========== ERROR UNKNOWN VARIANT ===========================================
echo "<p>Unknown function call: Please report to system development!</p>\n";
endif; // $action == ...
// ========== END OF VARIANTS =================================================
$smarty->display('footer.tpl');
?>
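Review bot: No role check is visible between `include("includes.php")` and the action switch, so the `insert`, `update` and `delete` cases run for whoever reaches vlan.php; the templates hide the buttons behind `$suser_add`, `$suser_edit` and `$suser_delete`, but that is presentation only. Unless includes.php or `form_get_action()` enforces roles (neither is shown here), each writing case should test the matching session role flag before touching the database, in the way user.php gates on `$_SESSION['suser_role_admin']`. The zone.php section that follows has the same shape. `$id` is also assigned only when `$_REQUEST['id']` is present, so `update` and `delete` can run with it undefined; initialising `$id = 0;` before the `isset` test and rejecting a zero id ahead of the write would close that.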


@ -1,18 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
$smarty->display("vlanadd.tpl");
include("footer.php");
?>


@ -1,26 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$vlan_id = sanitize($_GET['vlan_id']);
include("header.php");
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("vlandel.tpl");
include("footer.php");
?>


@ -1,28 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$vlan_id = sanitize($_GET['vlan_id']);
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
vlan_color AS color, vlan_info AS info
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("vlanedit.tpl");
include("footer.php");
?>


@ -1,37 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$vlan_id = sanitize($_GET['vlan_id']);
include("header.php");
// vlan
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
vlan_info AS info, vlan_color AS color
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
// subnets
$sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask, s.subnet_info
FROM subnet AS s LEFT JOIN subnetvlan AS v USING (subnet_id)
WHERE v.vlan_id=?
ORDER BY INET_ATON(s.subnet_address)";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_id]);
$smarty->assign("subnets", $sth->fetchAll());
$smarty->display("vlanview.tpl");
include("footer.php");
?>

149
zone.php

@ -8,9 +8,99 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'] or $id = 0;
}
// ========== ACTIONS START ===================================================
switch ($submit = form_get_action()) {
case NULL: break;
case 'add': $action = ACT_ADD; break;
case 'view': $action = ACT_VIEW; break;
case 'edit': $action = ACT_EDIT; break;
case 'del': $action = ACT_DELETE; break;
case 'insert':
$zone_origin = sanitize($_POST['zone_origin']);
$zone_ttl_default = sanitize($_POST['zone_ttl_default']);
$zone_soa = sanitize($_POST['zone_soa']);
$zone_hostmaster = sanitize($_POST['zone_hostmaster']);
$zone_refresh = sanitize($_POST['zone_refresh']);
$zone_retry = sanitize($_POST['zone_retry']);
$zone_expire = sanitize($_POST['zone_expire']);
$zone_ttl = sanitize($_POST['zone_ttl']);
$zone_serial = sanitize($_POST['zone_serial']);
$zone_ns1 = sanitize($_POST['zone_ns1']);
$zone_ns2 = sanitize($_POST['zone_ns2']);
$zone_ns3 = sanitize($_POST['zone_ns3']);
$zone_mx1 = sanitize($_POST['zone_mx1']);
$zone_mx2 = sanitize($_POST['zone_mx2']);
$zone_info = sanitize($_POST['zone_info']);
$sql = "INSERT INTO zone (
zone_origin, zone_ttl_default, zone_soa, zone_hostmaster,
zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info)
VALUE (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$zone_origin, $zone_ttl_default, $zone_soa, $zone_hostmaster,
$zone_refresh, $zone_retry, $zone_expire, $zone_ttl, $zone_serial,
$zone_ns1, $zone_ns2, $zone_ns3, $zone_mx1, $zone_mx2, $zone_info]);
$id = $dbh->lastInsertId();
$action = ACT_VIEW;
break;
case 'update':
$origin = sanitize($_POST['zone_origin']);
$ttl_default = sanitize($_POST['zone_ttl_default']);
$soa = sanitize($_POST['zone_soa']);
$hostmaster = sanitize($_POST['zone_hostmaster']);
$refresh = sanitize($_POST['zone_refresh']);
$retry = sanitize($_POST['zone_retry']);
$expire = sanitize($_POST['zone_expire']);
$ttl = sanitize($_POST['zone_ttl']);
$serial = sanitize($_POST['zone_serial']);
$ns1 = sanitize($_POST['zone_ns1']);
$ns2 = sanitize($_POST['zone_ns2']);
$ns3 = sanitize($_POST['zone_ns3']);
$mx1 = sanitize($_POST['zone_mx1']);
$mx2 = sanitize($_POST['zone_mx2']);
$info = sanitize($_POST['zone_info']);
$sql = "UPDATE zone SET
zone_origin=?, zone_ttl_default=?, zone_soa=?, zone_hostmaster=?,
zone_refresh=?, zone_retry=?, zone_expire=?, zone_ttl=?, zone_serial=?,
zone_ns1=?, zone_ns2=?, zone_ns3=?, zone_mx1=?, zone_mx2=?, zone_info=?
WHERE zone_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$origin, $ttl_default, $soa, $hostmaster, $refresh, $retry,
$expire, $ttl, $serial, $ns1, $ns2, $ns3, $mx1, $mx2, $info,
$id]);
$action = ACT_VIEW;
break;
case 'delete':
$sth = $dbh->prepare("DELETE FROM zone WHERE zone_id=?");
$sth->execute([$id]);
$g_message->Add(_("Deleted zone"));
$action = ACT_DEFAULT;
break;
default:
$g_error->Add(submit_error($submit));
$valid = FALSE;
}
// ========== ACTIONS END =====================================================
include("header.php");
if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================
$sql = "SELECT zone_id AS id, zone_origin AS origin, zone_soa AS soa,
zone_hostmaster AS hostmaster, zone_serial AS serial
FROM zone
@ -19,6 +109,57 @@ $sth = $dbh->query($sql);
$smarty->assign("zones", $sth->fetchAll());
$smarty->display("zone.tpl");
include("footer.php");
elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================
$smarty->display("zoneadd.tpl");
elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================
$sql = "SELECT zone_id, zone_soa, zone_hostmaster, zone_origin,
zone_ttl_default, zone_refresh, zone_retry, zone_expire,
zone_ttl, zone_serial, zone_ns1, zone_ns2, zone_ns3,
zone_mx1, zone_mx2, zone_info
FROM zone
WHERE zone_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("zoneview.tpl");
elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================
$sql = "SELECT zone_id, zone_soa, zone_hostmaster, zone_origin, zone_ttl_default,
zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info
FROM zone
WHERE zone_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("zoneedit.tpl");
elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================
$sth = $dbh->prepare("SELECT zone_id, zone_origin, zone_serial FROM zone WHERE zone_id=?");
$sth->execute([$id]);
$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("zonedel.tpl");
else:
// ========== ERROR UNKNOWN VARIANT ===========================================
echo "<p>Unknown function call: Please report to system development!</p>\n";
endif; // $action == ...
// ========== END OF VARIANTS =================================================
$smarty->display('footer.tpl');
?>
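Review bot: The view, edit and delete variants assign `$sth->fetch(PDO::FETCH_OBJ)` to Smarty without checking it, and `fetch()` returns `false` when no row matches `$id`. A stale or hand-edited id therefore renders `zoneview.tpl`, `zoneedit.tpl` or `zonedel.tpl` against a non-object instead of reporting a missing record. I would fetch into a variable first and fall back to the list with an error, e.g. `$zone = $sth->fetch(PDO::FETCH_OBJ);` followed by `if ($zone === false) { $g_error->Add(_("Zone not found")); }` (message text is a suggestion), before choosing the template. Where `$id` is read and validated is outside this hunk, so that check is worth confirming there as well. Separately, the default branch still shows `include("footer.php");` ahead of the new closing `$smarty->display('footer.tpl');`; if that include survives on the new side, the list view may emit the footer twice.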


@ -1,16 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
include("header.php");
$smarty->display("zoneadd.tpl");
include("footer.php");
?>


@ -1,23 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$zone_id = sanitize($_GET['zone_id']);
include("header.php");
$sth = $dbh->prepare("SELECT zone_id, zone_origin, zone_serial FROM zone WHERE zone_id=?");
$sth->execute($sql);
$smarty->assign("zone", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("zonedel.tpl");
include("footer.php");
?>


@ -1,27 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$zone_id = sanitize($_GET['zone_id']);
include("header.php");
$sql = "SELECT zone_id, zone_soa, zone_hostmaster, zone_origin, zone_ttl_default,
zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info
FROM zone
WHERE zone_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$zone_id]);
$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("zoneedit.tpl");
include("footer.php");
?>


@ -1,29 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$zone_id = sanitize($_GET['zone_id']);
include("header.php");
$sql = "SELECT zone_id, zone_soa, zone_hostmaster, zone_origin,
zone_ttl_default, zone_refresh, zone_retry, zone_expire,
zone_ttl, zone_serial, zone_ns1, zone_ns2, zone_ns3,
zone_mx1, zone_mx2, zone_info
FROM zone
WHERE zone_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$zone_id]);
$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("zoneview.tpl");
include("footer.php");
?>