Fixed utf8 encoding for ldap dn

Fixed search links
Fixed and improved subnet add/edit
2023-12-22 10:42:58 +01:00 · 2023-08-29 08:44:13 +02:00 · 2023-03-15 07:43:46 +01:00 · 2023-03-14 18:58:28 +01:00 · 2023-03-13 14:58:22 +01:00 · 2023-03-12 17:05:34 +01:00
196 changed files with 9315 additions and 8882 deletions
--- a/about.php
+++ b/about.php
@ -12,5 +12,4 @@ include("header.php");
 $smarty->display("about.tpl");
-include("footer.php");
+$smarty->display("footer.tpl");
 ?>
--- a/asset.php
+++ b/asset.php
@ -9,47 +9,253 @@ SPDX-License-Identifier: GPL-3.0-or-later
 include("includes.php");
-include("header.php");
+if (isset($_REQUEST['id'])) {
-	
+    $id = (int) $_REQUEST['id'] or $id = 0;
 // create letter links
 $query = "SELECT
 		SUBSTRING(UPPER(asset.asset_name),1,1) AS asset_letter
 	FROM
 		asset
 	GROUP BY
 		asset_letter
 	ORDER BY
 		asset_letter";
 $alphabet = $db->db_select($query);
 $smarty->assign("alphabet", $alphabet);
 // setup current letter
 if(isset($_GET['asset_letter'])) {
 	$asset_letter = sanitize($_GET['asset_letter']);
 } else {
 	$asset_letter = $alphabet[0]['asset_letter'];
 }
-$query = "SELECT
+// ========== ACTIONS START ===================================================
-		a.asset_id,
+switch ($submit = form_get_action()) {
 		IF(LENGTH(a.asset_name)>0, a.asset_name, '...') AS asset_name,
 		a.asset_info,
 		c.assetclass_id,
 		c.assetclass_name
 	FROM
 		asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
 	WHERE
 		SUBSTRING(a.asset_name,1,1) = '" . $asset_letter . "'
 	ORDER BY
 		a.asset_name";
-$assets = $db->db_select($query);
+    case NULL: break;
-$smarty->assign("assets", $assets);
+    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'insert':
        $name = sanitize($_POST['asset_name']);
        $hostname = sanitize($_POST['asset_hostname']);
        $assetclass_id = sanitize($_POST['assetclass_id']);
        $info = sanitize($_POST['asset_info']);
        $intf = sanitize($_POST['asset_intf']);
        $asset_type = sanitize($_POST['asset_type']);
        $sql = "INSERT INTO asset
                    (asset_name, asset_hostname, assetclass_id, asset_info,
                     asset_intf, asset_type)
                VALUE 
                    (?, ?, ?, ?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$name, $hostname, $assetclass_id, $info, $intf, $asset_type]);
        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break;
    case 'update':
        $asset_name = sanitize($_POST['asset_name']);
        $asset_info = sanitize($_POST['asset_info']);
        $asset_intf = sanitize($_POST['asset_intf']);
        $asset_hostname = sanitize($_POST['asset_hostname']);
        $assetclass_id = sanitize($_POST['assetclass_id']);
        $asset_type = sanitize($_POST['asset_type']);
        $sql = "UPDATE asset SET
                    asset_name=?, asset_info=?, asset_hostname=?,
                    assetclass_id=?, asset_intf=?, asset_type=?
                WHERE asset_id=?";
        $sth = $dbh->prepare($sql);
        try {
            $sth->execute([$asset_name, $asset_info, $asset_hostname, 
                           $assetclass_id, $asset_intf, $asset_type,
                           $id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        // Ext. links
        if ($config_ext['zabbix']['enabled'] and isset($_POST['x_zbx_host'])) {
            $zbx_host = sanitize($_POST['x_zbx_host']);
            $sql = "SELECT extlink_id FROM extlink WHERE asset_id=? AND extlink_type='zabbix'";
            $sth = $dbh->prepare($sql);
            $sth->execute([$id]);
            if ($linkid = $sth->fetchColumn()) {
                $sql = "UPDATE extlink SET extlink_refid=? WHERE extlink_id=?";
                $sth = $dbh->prepare($sql);
                $sth->execute([$zbx_host, $linkid]);
            } else {
                $sql = "INSERT INTO extlink (asset_id, extlink_type, extlink_refid) VALUES (?, 'zabbix', ?)";
                $sth = $dbh->prepare($sql);
                $sth->execute([$id, $zbx_host]);
            }
        }
        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("DELETE FROM asset WHERE asset_id=?");
        $sth->execute([$id]);
        $sth = $dbh->prepare("DELETE FROM node WHERE asset_id=?");
        try {
            $sth->execute([$id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
 if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 // create letter links
 $sql = "SELECT DISTINCT SUBSTRING(UPPER(asset_name),1,1) AS bst
 	FROM asset
 	ORDER BY bst";
 $sth = $dbh->query($sql);
 $alphabet = $sth->fetchAll();
 $alphabet[] = ['bst' => '*'];
 $smarty->assign("alphabet", $alphabet);
 // total asset count
 $sth = $dbh->query("SELECT COUNT(*) FROM asset");
 $assetcount = $sth->fetchColumn();
 $smarty->assign("assetcount", $assetcount);
 // assets for current letter
 if (isset($_GET['bst'])) {
    $bst = sanitize($_GET['bst']);
 } else {
   $bst = $alphabet[0]['bst'];
 }
 $sql = "SELECT a.asset_id, IF(LENGTH(a.asset_name)>0, a.asset_name, '...') AS asset_name,
            a.asset_info, c.assetclass_id, c.assetclass_name
 	FROM asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)";
 if ($bst != '*') {
    $sql .= " WHERE SUBSTRING(a.asset_name,1,1)=?";
    $p = array($bst);
 } else {
    $p = array();
 }
 $sql .=	" ORDER BY a.asset_name";
 $sth = $dbh->prepare($sql);
 $sth->execute($p);
 $smarty->assign("assets", $sth->fetchAll());
 $smarty->display("asset.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 if((isset($_GET['assetclass_id'])) ? $assetclass_id = sanitize($_GET['assetclass_id']) : $assetclass_id = "");
 $smarty->assign("assetclass_id", $assetclass_id);
 $sql = "SELECT assetclass_id, assetclass_name
        FROM assetclass
 	ORDER BY assetclass_name";
 $sth = $dbh->query($sql);
 $types = db_load_enum('asset','asset_type');
 $smarty->assign("type_ids", $types);
 $smarty->assign("type_names", $types);
 $smarty->assign("type_selected", $types[0]);
 $assetclass_options = array();
 foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
    $assetclass_options[$rec[0]] = $rec[1];
 }
 $smarty->assign("assetclass_options", $assetclass_options);
 $smarty->display("assetadd.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 $sql = "SELECT a.asset_id, a.asset_name, a.asset_hostname, a.asset_info,
            a.asset_intf, a.asset_type, c.assetclass_id, c.assetclass_name
        FROM asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
        WHERE a.asset_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $asset = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("asset", $asset);
 $sql = "SELECT node_id, node_ip, node.node_flags & 0x1 = 1 AS deleted,
            CONCAT(LEFT(node_info, 40), IF(CHAR_LENGTH(node_info)>40,'...','')) AS node_info
        FROM node
        WHERE asset_id=?
        ORDER BY INET_ATON(node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("nodes", $sth->fetchAll(PDO::FETCH_ASSOC));
 // external systems
 // extlink_id
 // asset_id
 // Type:  enum('cdb','zabbix','topdesk', osticket
 // ID: extlink_refid  int
 //     extlink_uid string
 if ($config_ext['zabbix']['enabled']) {
    $smarty->assign("zabbix", true);
    $sql = "SELECT extlink_refid FROM extlink WHERE extlink_type='zabbix' AND asset_id=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$id]);
    $refid = $sth->fetchColumn();
    // TODO fetch ext data here
    //$zbx = new PDO('mysql:host='.$config_ext['zabbix']['host'].';dbname='.$config_ext['zabbix']['db'].';', $config_ext['zabbix']['user'], $config_ext['zabbix']['pass']);
    //$zbx->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    //$zbx->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    $smarty->assign('refid', $refid);
 }
 $smarty->display("assetview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT asset_id, asset_name, asset_hostname, asset_info, asset_intf,
            assetclass_id, asset_type
 	FROM asset
 	WHERE asset_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("asset", $sth->fetch(PDO::FETCH_OBJ));
 // Type selection
 $smarty->assign("type_ids", ['active', 'passive']);
 $smarty->assign("type_names", ['Active', 'Passive']);
 $smarty->assign("assetclass_options", db_get_options_assetclass());
 $smarty->display("assetedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 // asset to delete	
 $sth = $dbh->prepare("SELECT asset_name FROM asset WHERE asset_id=?");
 $sth->execute([$id]);
 $smarty->assign("asset_id", $id);
 $smarty->assign("asset_name", $sth->fetchColumn());
 // nodes to delete
 $sql = "SELECT node_id, node_ip FROM node WHERE asset_id=? ORDER BY INET_ATON(node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$asset_id]);
 $smarty->assign("nodes", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetdel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/assetadd.php
+++ b/assetadd.php
@ -1,33 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if((isset($_GET['assetclass_id'])) ? $assetclass_id = sanitize($_GET['assetclass_id']) : $assetclass_id = "");
 include("header.php");
 $query = "SELECT
 	assetclass_id,
 	assetclass_name
 FROM
 	assetclass
 ORDER BY
 	assetclass_name";
 $assetclasses = $db->db_select($query);
 foreach ($assetclasses as $assetclass) {
 	$assetclass_options[$assetclass['assetclass_id']] =  $assetclass['assetclass_name'];
 }
 $smarty->assign("assetclass_options", $assetclass_options);
 $smarty->display("assetadd.tpl");
 include("footer.php");
 ?>
--- a/assetclass.php
+++ b/assetclass.php
@ -8,23 +8,167 @@ SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'insert':
        $name = sanitize($_POST['assetclass_name']);
        $description = sanitize($_POST['assetclass_description']);
        $group_id = sanitize($_POST['assetclassgroup_id']);
        $sql = "INSERT INTO assetclass
                      (assetclass_name, assetclass_description, assetclassgroup_id)
            VALUE
                (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        try {
            $sth->execute([$name, $description, $group_id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break;
    case 'update':
        $name = sanitize($_POST['assetclass_name']);
        $description = sanitize($_POST['assetclass_description']);
        $group_id = sanitize($_POST['assetclassgroup_id']);
        $sql = "UPDATE assetclass SET
                    assetclass_name=?, assetclass_description=?,
                    assetclassgroup_id=?
                WHERE assetclass_id=?";
        $sth = $dbh->prepare($sql);
        try {
            $sth->execute([$name, $description, $group_id, $id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("SELECT COUNT(*) FROM asset WHERE assetclass_id=?");
        $sth->execute([$id]);
        if ($sth->fetchColumn() > 0) {
            $g_warning->Add("Objektklasse kann nicht gelöscht werden, da noch zugeordnete Objekte vorhanden sind.");
            $action = ACT_VIEW;
            break;
        }
        $sth = $dbh->prepare("DELETE FROM assetclass WHERE assetclass_id=?");
        try {
            $sth->execute([$id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
-$query = "SELECT
+if ($action == ACT_DEFAULT):
-		a.assetclass_id,
+// ========== VARIANT: default behavior =======================================
 		a.assetclass_name,
 		g.assetclassgroup_id,
 		g.assetclassgroup_name,
 		g.assetclassgroup_color
 	FROM
 		assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
 	ORDER BY
 		a.assetclass_name";
-$assetclasses = $db->db_select($query);
+$sql = "SELECT c.assetclass_id AS id, c.assetclass_name AS name, c.assetclassgroup_id AS group_id,
            g.assetclassgroup_name AS group_name, g.assetclassgroup_color AS color,
            COUNT(a.asset_id) AS count_asset
        FROM assetclass AS c
            LEFT JOIN assetclassgroup AS g USING (assetclassgroup_id)
            LEFT JOIN asset AS a USING (assetclass_id)
        GROUP BY id, name, group_id, group_name, color
        ORDER BY c.assetclass_name";
 $sth = $dbh->query($sql);
 $smarty->assign("assetclasses", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->assign("assetclasses", $assetclasses);
 $smarty->display("assetclass.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 if (isset($_GET['assetclassgroup_id'])) {
    $group_id = sanitize($_GET['assetclassgroup_id']);
 } else {
    $group_id = '';
 }
 $smarty->assign("group_id", $group_id);
 $smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup());
 $smarty->display("assetclassadd.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 $sql = "SELECT a.assetclass_id, a.assetclass_name, g.assetclassgroup_id,
            a.assetclass_description,
            g.assetclassgroup_name, g.assetclassgroup_color
        FROM assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
        WHERE a.assetclass_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
 $sql = "SELECT asset_id, asset_name,
            CONCAT(LEFT(asset_info, 80), IF(CHAR_LENGTH(asset_info)>80,'...','')) AS asset_info
        FROM asset
        WHERE assetclass_id=?
        ORDER BY asset_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assets", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetclassview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT assetclass_id AS id, assetclass_name AS name,
            assetclass_description AS description,
            assetclassgroup_id AS group_id
        FROM assetclass
        WHERE assetclass_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup());
 $smarty->display("assetclassedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $sql = "SELECT assetclass_id AS id, assetclass_name AS name
        FROM assetclass
        WHERE assetclass_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("assetclassdel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/assetclassadd.php
+++ b/assetclassadd.php
@ -1,20 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if((isset($_GET['assetclassgroup_id'])) ? $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']) : $assetclassgroup_id = "");
 include("header.php");
 $smarty->assign("assetclassgroup_options", $db->options_assetclassgroup());
 $smarty->display("assetclassadd.tpl");
 include("footer.php");
 ?>
--- a/assetclassdel.php
+++ b/assetclassdel.php
@ -1,32 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclass_id = sanitize($_GET['assetclass_id']);
 include("header.php");
 $query = "SELECT
 		assetclass_id,
 		assetclass_name
 	FROM
 		assetclass
 	WHERE
 		assetclass_id=" . $assetclass_id;
 $assetclass = $db->db_select($query);
 $smarty->assign("assetclass_id", $assetclass[0]['assetclass_id']);
 $smarty->assign("assetclass_name", $assetclass[0]['assetclass_name']);
 $smarty->display("assetclassdel.tpl");
 include("footer.php");
 ?>
--- a/assetclassedit.php
+++ b/assetclassedit.php
@ -1,35 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclass_id = sanitize($_GET['assetclass_id']);
 include("header.php");
 $query = "SELECT
 		assetclass_id,
 		assetclass_name,
 		assetclassgroup_id
 	FROM
 		assetclass
 	WHERE
 		assetclass_id=" . $assetclass_id;
 $assetclass = $db->db_select($query);
 $smarty->assign("assetclass_id", $assetclass[0]['assetclass_id']);
 $smarty->assign("assetclass_name", $assetclass[0]['assetclass_name']);
 $smarty->assign("assetclassgroup_id", $assetclass[0]['assetclassgroup_id']);
 $smarty->assign("assetclassgroup_options", $db->options_assetclassgroup());
 $smarty->display("assetclassedit.tpl");
 include("footer.php");
 ?>
--- a/assetclassgroup.php
+++ b/assetclassgroup.php
@ -9,21 +9,155 @@ SPDX-License-Identifier: GPL-3.0-or-later
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'insert':
        $name = sanitize($_POST['acg_name']);
        $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
        $desc = sanitize($_POST['acg_description']);
        $sql = "INSERT INTO assetclassgroup
                    (assetclassgroup_name, assetclassgroup_color, assetclassgroup_description)
                VALUE
                    (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        try {
            $sth->execute([$name, $color, $desc]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break;
    case 'update':
        $acg_name = sanitize($_POST['acg_name']);
        $acg_desc = sanitize($_POST['acg_description']);
        $acg_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
        $sql = "UPDATE assetclassgroup SET
                    assetclassgroup_name=?, assetclassgroup_color=?, assetclassgroup_description=?
                WHERE assetclassgroup_id=?";
        $sth = $dbh->prepare($sql);
        try {
            $sth->execute([$acg_name, $acg_color, $acg_desc, $id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("SELECT COUNT(*) FROM assetclass WHERE assetclassgroup_id=?");
        $sth->execute([$id]);
        if ($sth->fetchColumn() > 0) {
            $g_warning->Add("Objektklassengruppe kann nicht gelöscht werden, da noch zugeordnete Objektklassen vorhanden sind.");
            $action = ACT_VIEW;
            break;
        }
        $sth = $dbh->prepare("DELETE FROM assetclassgroup WHERE assetclassgroup_id=?");
        try {
            $sth->execute([$id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 $smarty->assign("scripts", 'jscolor.js');
 include("header.php");
-$query = "SELECT
+if ($action == ACT_DEFAULT):
-	assetclassgroup_id,
+// ========== VARIANT: default behavior =======================================
 	assetclassgroup_name,
 	assetclassgroup_color
 FROM
 	assetclassgroup
 ORDER BY
 	assetclassgroup_name";
-$assetclassgroups = $db->db_select($query);
+$sql = "SELECT g.assetclassgroup_id AS id, g.assetclassgroup_name AS name,
            g.assetclassgroup_color AS color, g.assetclassgroup_description AS description,
            COUNT(c.assetclass_id) AS count_class
        FROM assetclassgroup AS g LEFT JOIN assetclass AS c USING (assetclassgroup_id)
        GROUP BY id, name, color, description
        ORDER BY g.assetclassgroup_name";
 $sth = $dbh->query($sql);
 $smarty->assign('assetclassgroups', $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->assign("assetclassgroups", $assetclassgroups);
 $smarty->display("assetclassgroup.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 $smarty->display("assetclassgroupadd.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 $sql = "SELECT assetclassgroup_id AS id,
            assetclassgroup_name AS name,
            assetclassgroup_color AS color,
            assetclassgroup_description AS description
        FROM assetclassgroup
        WHERE assetclassgroup_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
 $sql = "SELECT assetclass_id, assetclass_name
        FROM assetclass
        WHERE assetclassgroup_id=?
        ORDER BY assetclass_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclasses", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetclassgroupview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name,
            assetclassgroup_color AS color,
            assetclassgroup_description AS description
        FROM assetclassgroup
        WHERE assetclassgroup_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("assetclassgroupedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name
        FROM assetclassgroup
        WHERE assetclassgroup_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("assetclassgroupdel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/assetclassgroupadd.php
+++ b/assetclassgroupadd.php
@ -1,16 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 include("header.php");
 $smarty->display("assetclassgroupadd.tpl");
 include("footer.php");
 ?>
--- a/assetclassgroupdel.php
+++ b/assetclassgroupdel.php
@ -1,34 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
 include("header.php");
 $smarty->assign($lang);
 $query = "SELECT
 		assetclassgroup_id,
 		assetclassgroup_name
 	FROM
 		assetclassgroup
 	WHERE
 		assetclassgroup_id=" . $assetclassgroup_id;
 $assetclassgroup = $db->db_select($query);
 $smarty->assign("assetclassgroup_id", $assetclassgroup[0]['assetclassgroup_id']);
 $smarty->assign("assetclassgroup_name", $assetclassgroup[0]['assetclassgroup_name']);
 $smarty->display("assetclassgroupdel.tpl");
 include("footer.php");
 ?>
--- a/assetclassgroupedit.php
+++ b/assetclassgroupedit.php
@ -1,37 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
 $smarty->assign("scripts", 'jscolor.js');
 include("header.php");
 $smarty->assign($lang);
 $query = "SELECT
 		assetclassgroup_id,
 		assetclassgroup_name,
 		assetclassgroup_color
 	FROM
 		assetclassgroup
 	WHERE
 		assetclassgroup_id=" . $assetclassgroup_id;
 $assetclassgroup = $db->db_select($query);
 $smarty->assign("assetclassgroup_id", $assetclassgroup[0]['assetclassgroup_id']);
 $smarty->assign("assetclassgroup_name", $assetclassgroup[0]['assetclassgroup_name']);
 $smarty->assign("assetclassgroup_color", $assetclassgroup[0]['assetclassgroup_color']);
 $smarty->display("assetclassgroupedit.tpl");
 include("footer.php");
 ?>
--- a/assetclassgroupview.php
+++ b/assetclassgroupview.php
@ -1,47 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
 include("header.php");
 $query = "SELECT
 		assetclassgroup_id,
 		assetclassgroup_name,
 		assetclassgroup_color
 	FROM
 		assetclassgroup
 	WHERE
 		assetclassgroup_id=" . $assetclassgroup_id;
 $assetclassgroup = $db->db_select($query);
 $smarty->assign("assetclassgroup_id", $assetclassgroup[0]['assetclassgroup_id']);
 $smarty->assign("assetclassgroup_name", $assetclassgroup[0]['assetclassgroup_name']);
 $smarty->assign("assetclassgroup_color", $assetclassgroup[0]['assetclassgroup_color']);
 $query = "SELECT
 		assetclass_id,
 		assetclass_name
 	FROM
 		assetclass
 	WHERE
 		assetclassgroup_id=" . $assetclassgroup_id . "
 	ORDER BY
 		assetclass_name";
 $assetclasses = $db->db_select($query);
 $smarty->assign("assetclasses", $assetclasses);
 $smarty->display("assetclassgroupview.tpl");
 include("footer.php");
 ?>
--- a/assetclassview.php
+++ b/assetclassview.php
@ -1,51 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclass_id = sanitize($_GET['assetclass_id']);
 include("header.php");
  $query = "SELECT
 		a.assetclass_id, a.assetclass_name,
 		g.assetclassgroup_id, g.assetclassgroup_name, g.assetclassgroup_color
 	FROM
 		assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
 	WHERE
 		a.assetclass_id=" . $assetclass_id;
 $assetclass = $db->db_select($query);
 $smarty->assign("assetclass_id", $assetclass[0]['assetclass_id']);
 $smarty->assign("assetclass_name", $assetclass[0]['assetclass_name']);
 $smarty->assign("assetclass_selected", "");
 $smarty->assign("assetclassgroup_id", $assetclass[0]['assetclassgroup_id']);
 $smarty->assign("assetclassgroup_name", $assetclass[0]['assetclassgroup_name']);
 $smarty->assign("assetclassgroup_color", $assetclass[0]['assetclassgroup_color']);
 $query = "SELECT
 		asset_id,
 		asset_name,
 		CONCAT(LEFT(asset_info, 80), IF(CHAR_LENGTH(asset_info)>80,'...','')) AS asset_info
 	FROM
 		asset
 	WHERE
 		assetclass_id='" . $assetclass_id . "'
 	ORDER BY
 		asset_name";
 $assets = $db->db_select($query);
 $smarty->assign("assets", $assets);
 $smarty->display("assetclassview.tpl");
 include("footer.php");
 ?>
--- a/assetdel.php
+++ b/assetdel.php
@ -1,44 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $asset_id = sanitize($_GET['asset_id']);
 include("header.php");
 $query = "SELECT
 		asset_name
 	FROM
 		asset
 	WHERE
 		asset_id=" . $asset_id;
 $asset = $db->db_select($query);
 $smarty->assign("asset_id", $asset_id);
 $smarty->assign("asset_name", $asset[0]['asset_name']);
 $query = "SELECT
 		node_id,
 		node_ip
 	FROM
 		node
 	WHERE
 		asset_id=" . $asset_id . "
 	ORDER BY
 		INET_ATON(node_ip)";
 $nodes = $db->db_select($query);
 $smarty->assign("nodes", $nodes);
 $smarty->display("assetdel.tpl");
 include("footer.php");
 ?>
--- a/assetedit.php
+++ b/assetedit.php
@ -1,35 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $asset_id = sanitize($_GET['asset_id']);
 include("header.php");
 $query = "SELECT
 		asset_id,
 		asset_name,
 		asset_hostname,
 		asset_info,
 		assetclass_id
 	FROM
 		asset
 	WHERE
 		asset_id=" . $asset_id;
 $asset = $db->db_select($query);
 $smarty->assign("asset", $asset[0]);
 $smarty->assign("assetclass_options", $db->options_assetclass());
 $smarty->display("assetedit.tpl");
 include("footer.php");
 ?>
--- a/assetview.php
+++ b/assetview.php
@ -1,54 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $asset_id = sanitize($_GET['asset_id']);
 include("header.php");
 $query = "SELECT
 		a.asset_name,
 		a.asset_hostname,
 		a.asset_info,
 		c.assetclass_id,
 		c.assetclass_name
 	FROM
 		asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
 	WHERE
 		a.asset_id=" . $asset_id;
 $asset = $db->db_select($query);
 $smarty->assign("asset_id", $asset_id);
 $smarty->assign("asset_name", $asset[0]['asset_name']);
 $smarty->assign("asset_hostname", $asset[0]['asset_hostname']);
 $smarty->assign("asset_info", nl2br($asset[0]['asset_info']));
 $smarty->assign("assetclass_id", $asset[0]['assetclass_id']);
 $smarty->assign("assetclass_name", $asset[0]['assetclass_name']);
 $query = "SELECT
 		node_id,
 		node_ip,
 		LEFT(node_info, 40) as node_info
 	FROM
 		node
 	WHERE
 		asset_id=" . $asset_id . "
 	ORDER BY
 		INET_ATON(node_ip)";
 $nodes = $db->db_select($query);
 $smarty->assign("nodes", $nodes);
 $smarty->display("assetview.tpl");
 include("footer.php");
 ?>
--- a/assigniptonode.php
+++ b/assigniptonode.php
@ -1,35 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_ip = sanitize($_GET['node_ip']);
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $query = "SELECT
 		subnet_address,
 		subnet_mask
 	FROM
 		subnet
 	WHERE
 		subnet_id=" . $subnet_id;
 $subnet = $db->db_select($query);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_address", $subnet[0]['subnet_address']);
 $smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
 $smarty->assign("node_ip", $node_ip);
 $smarty->display("assigniptonode.tpl");
 include("footer.php");
 ?>
--- a/assignnodetoasset.php
+++ b/assignnodetoasset.php
@ -1,49 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $asset_id = sanitize($_GET['asset_id']);
 $node_ip = sanitize($_GET['node_ip']);
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $smarty->assign("node_ip", $node_ip);
 $smarty->assign("asset_id", $asset_id);
 $query = "SELECT
 		asset_id,
 		asset_name
 	FROM
 		asset
 	ORDER BY
 		asset_name";
 $assets = $db->db_select($query);
 foreach ($assets as $asset) {
 	$asset_options[$asset['asset_id']] =  $asset['asset_name'];
 }
 $smarty->assign("asset_options", $asset_options);
 $query = "SELECT subnet_id,
 		CONCAT_WS('/', subnet_address, subnet_mask) AS subnet_name
 	FROM subnet
 	ORDER BY INET_ATON(subnet_address)";
 $subnets = $db->db_select($query);
 foreach ($subnets as $subnet) {
 	$subnet_options[$subnet['subnet_id']] =  $subnet['subnet_name'];
 }
 $smarty->assign("subnet_options", $subnet_options);
 $smarty->display("assignnodetoasset.tpl");
 include("footer.php");
 ?>
--- a/cable.php
+++ b/cable.php
@ -0,0 +1,205 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if ($_SESSION['suser_role_admin'] == 0) {
    $g_error->add('Access denied!');
    $action = ACT_ERR_DENIED;
 }
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 $ctypes = array('copper' => 'Copper', 'fibre' => 'Fibre',
                'laser' => 'Laserlink', 'radio' => 'Radiolink');
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'insert':
        $description = sanitize($_POST['description']);
        $length = sanitize($_POST['length']);
        $color = sanitize($_POST['color']);
        $type = sanitize($_POST['cable_type']);
        $links = sanitize($_POST['links']);
        $info = sanitize($_POST['info']);
        $sql = "INSERT INTO cable
                    (cable_description, cable_color, cable_type, cable_links, 
                    cable_length, cable_info)
                VALUES
                    (:description, :color, :type, :links, 
                    :length, :info)";
        $sth = $dbh->prepare($sql);
        try {
            $sth->bindValue(':description', $description, PDO::PARAM_STR);
            $sth->bindValue(':length', $length, PDO::PARAM_INT);
            $sth->bindValue(':color', $color, PDO::PARAM_STR);
            $sth->bindValue(':type', $type, PDO::PARAM_STR);
            $sth->bindValue(':links', $info, PDO::PARAM_INT);
            $sth->bindValue(':info', $info, PDO::PARAM_STR);
            $sth->execute();
            $id = $dbh->lastInsertId();
            $action = ACT_VIEW;
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
            if ($e->getCode() == 23000) {
                // duplicate key
                $g_warning->Add("Save failed");
                $g_warning->Add("Cable description '$description' already in use!");
            }
            // reassign entered values
            $smarty->assign('length', $length);
            $smarty->assign('type', $type);
            $smarty->assign('links', $links);
            $smarty->assign('color', $color);
            $smarty->assign('info', $info);
            $action = ACT_ADD;
        }
        break;
    case 'update':
        $description = sanitize($_POST['description']);
        $color = sanitize($_POST['color']);
        $length = sanitize($_POST['length']);
        $type = sanitize($_POST['cable_type']);
        $links = sanitize($_POST['links']);
        $info = sanitize($_POST['info']);
        $sql = "UPDATE cable
                SET cable_description=:desc,
                    cable_color=:color,
                    cable_length=:length,
                    cable_type=:type,
                    cable_links=:links,
                    cable_info=:info
                WHERE cable_id=:id";
        $sth = $dbh->prepare($sql);
        $sth->bindValue(':id', $id, PDO::PARAM_INT);
        $sth->bindValue(':desc', $description, PDO::PARAM_STR);
        $sth->bindValue(':length', $length, PDO::PARAM_INT);
        $sth->bindValue(':color', $color, PDO::PARAM_STR);
        $sth->bindValue(':type', $type, PDO::PARAM_STR);
        $sth->bindValue(':links', $links, PDO::PARAM_INT);
        $sth->bindValue(':info', $info, PDO::PARAM_STR);
        try {
            $sth->execute();
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("DELETE FROM cable WHERE cable_id=?");
        try {
            $sth->execute([$id]);
        } catch  (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 $smarty->assign("scripts", 'jscolor.js');
 include("header.php");
 // ========== PAGE CONTENT ====================================================
 if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 $sql = "SELECT cable_id AS id, cable_description AS description,
            cable_from_id, cable_to_id, cable_length, cable_links,
            cable_type, cable_color,
            CONCAT(LEFT(cable_info, 60), IF(CHAR_LENGTH(cable_info)>60,'...','')) AS info
        FROM cable
        ORDER BY cable_description";
 $sth = $dbh->query($sql);
 $smarty->assign("cables", $sth->fetchAll());
 $smarty->display("cable.tpl");
 elseif ($action == ACT_ADD):
 // ========== VARIANT: add record =============================================
 $smarty->assign('type_options', $ctypes);
 $smarty->display('cableadd.tpl');
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 $sql = "SELECT cable_id AS id, cable_description AS description,
            cable_from_id, cable_to_id, cable_length, cable_links,
            cable_type, cable_color AS color, cable_info AS info
        FROM cable
        WHERE cable_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign('cable', $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display('cableview.tpl');
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT cable_id AS id, cable_description AS description,
            cable_from_id, cable_to_id, cable_length, cable_links,
            cable_type, cable_color AS color, cable_info AS info
        FROM cable
        WHERE cable_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign('cable', $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign('type_options', $ctypes);
 $smarty->display('cableedit.tpl');
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $sth = $dbh->prepare("SELECT cable_description FROM cable WHERE cable_id=?");
 $sth->execute([$id]);
 $smarty->assign('id', $id);
 $smarty->assign('description', $sth->fetchColumn());
 $smarty->display('cabledel.tpl');
 elseif ($action == ACT_ERR_DENIED):
 // ========== ERROR ACCESS TO PAGE DENIED =====================================
 if (isset($_SERVER['HTTP_REFERER'])) {
    echo '<p"><a href="', $_SERVER['HTTP_REFERER'], '">', "Back to last page</a></p>\n";
 }
 echo "<p></p>";
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
 ?>
--- a/comments.php
+++ b/comments.php
@ -1,22 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 include("header.php");
 $comments = sanitize($_GET['comments']);
 $smarty->assign("comments", $lang['lang_comments_' . $comments]);
 $smarty->display("comments.tpl");
 include("footer.php");
 ?>
--- a/config.php-sample
+++ b/config.php-sample
@ -7,6 +7,9 @@ Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 // application settings
 $config_app_session = 'ipreg';
 // db connection
 $config_mysql_host = 'localhost';
 $config_mysql_username = 'ipreg';
@ -21,4 +24,23 @@ $config_color_dynamic = 'e0e0e0';
 // language
 $config_lang_default = 'en';
-?>
+// auth
 $config_auth_ldap = false;
 $config_ldap_host = array('localhost', 'otherhost.example.com');
 $config_ldap_port = 389;
 $config_ldap_v3 = true;
 $config_ldap_base_dn = 'ou=organizationalunit,dc=example,dc=com';
 $config_ldap_login_attr = 'uid';
 // ldap search user
 $config_ldap_bind_dn = 'cn=dummy,ou=organizationalunit,dc=example,dc=com';
 $config_ldap_bind_pass = 'secret';
 // external systems
 $config_ext[] = [
    'zabbix' => ['enabled' => false,
                 'host' => 'localhost',
                 'db' => 'zabbix',
                 'user' => 'ipreg',
                 'pass' => 'topsecret']
    ];
--- a/dbconnect.php
+++ b/dbconnect.php
@ -1,13 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 $dblink = mysqli_connect($config_mysql_host,$config_mysql_username,$config_mysql_password);
 mysqli_select_db($dblink, $config_mysql_dbname);
 ?>
--- a/footer.php
+++ b/footer.php
@ -1,13 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 $smarty->assign("config_version", $config_version);
 $smarty->display("footer.tpl");
 ?>
--- a/header.php
+++ b/header.php
@ -27,15 +27,38 @@ $smarty->assign("suser_name", $_SESSION['suser_displayname']);
 $smarty->assign("search", $search);
 // menu
-$smarty->assign("menu_assets", $_SESSION['suser_menu_assets']=='on');
+$menu = array();
-$smarty->assign("menu_assetclasses", $_SESSION['suser_menu_assetclasses']=='on');
+if ($_SESSION['suser_menu_assets']) {
-$smarty->assign("menu_assetclassgroups", $_SESSION['suser_menu_assetclassgroups']=='on');
+    $menu[] = '<a href="asset.php">' . $lang['lang_assets'] . "</a>\n";
-$smarty->assign("menu_locations", $_SESSION['suser_menu_locations']=='on');
+}
-$smarty->assign("menu_nodes", $_SESSION['suser_menu_nodes']=='on');
+if ($_SESSION['suser_menu_assetclasses']) {
-$smarty->assign("menu_subnets", $_SESSION['suser_menu_subnets']=='on');
+    $menu[] = '<a href="assetclass.php">' . $lang['lang_assetclasses'] . "</a>\n";
-$smarty->assign("menu_users", $_SESSION['suser_menu_users']=='on');
+}
-$smarty->assign("menu_vlans", $_SESSION['suser_menu_vlans']=='on');
+if ($_SESSION['suser_menu_assetclassgroups']) {
-$smarty->assign("menu_zones", $_SESSION['suser_menu_zones']=='on');
+    $menu[] = '<a href="assetclassgroup.php">' . $lang['lang_assetclassgroups'] . "</a>\n";
 }
 if ($_SESSION['suser_menu_locations']) {
    $menu[] = '<a href="location.php">' . $lang['lang_locations'] . "</a>\n";
 }
 if ($_SESSION['suser_menu_nodes']) {
    $menu[] = '<a href="node.php">' . $lang['lang_nodes'] . "</a>\n";
 }
 if ($_SESSION['suser_menu_nats']) {
    $menu[] = '<a href="nat.php">' . $lang['lang_nats'] . "</a>\n";
 }
 if ($_SESSION['suser_menu_subnets']) {
    $menu[] = '<a href="subnet.php">' . $lang['lang_subnets'] . "</a>\n";
 }
 if ($_SESSION['suser_menu_vlans']) {
    $menu[] = '<a href="vlan.php">' . $lang['lang_vlans'] . "</a>\n";
 }
 if ($_SESSION['suser_menu_cables']) {
    $menu[] = '<a href="cable.php">' . $lang['lang_cables'] . "</a>\n";
 }
 if ($_SESSION['suser_menu_zones']) {
    $menu[] = '<a href="zone.php">' . $lang['lang_zones'] . "</a>\n";
 }
 $smarty->assign("menu", implode(' | ', $menu));
 $smarty->display("header.tpl");
-?>
+
--- a/image.php
+++ b/image.php
@ -7,75 +7,33 @@ Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
-include("includes.php");
+include('config.php');
-if(isset($_GET['icon'])) {
+session_name($config_app_session);
-	$icon = sanitize($_GET['icon']);
+session_start();
-	switch($icon) {
+function valid_color($color, $default='888888') {
-		case ("add") :
+    // safe return a 6 character color string in uppercase
-			$png = 'page_add';
+    // input can be length of 3 or 6
-		break;
+    if (! isset($color) or ! ctype_xdigit($color)) {
-		case ("back") :
+        return $default;
-			$png = 'control_rewind_blue';
+    }
-		break;
+    if(strlen($color) == 3) {
-		case ("cancel") :
+        // duplicate characters
-			$png = 'control_rewind_blue';
+        $col6 = '';
-		break;
+        for ($i=1; $i<=3; $i++) {
-		case ("comment") :
+            $col6 .= $color[$i].$color[$i];
-			$png = 'comment';
+        }
-		break;
+        return strtoupper($col6);
-		case ("delete") :
+    }
-			$png = 'page_delete';
+    return strtoupper($color);
 		break;
 		case ("shred") :
 			$png = 'bin';
 		break;
 		case ("edit") :
 			$png = 'page_edit';
 		break;
 		case ("error") :
 			$png = 'error';
 		break;
 		case ("help") :
 			$png = 'help';
 		break;
 		case ("logo") :
 			$png = 'logo';
 		break;
 		case ("next") :
 			$png = 'control_fastforward_blue';
 		break;
 		case ("save") :
 			$png = 'page_save';
 		break;
 		case ("search") :
 			$png = 'magnifier';
 		break;
 	}
 	$image = imagecreatefrompng("images/" . $png . ".png");
 	imagealphablending($image, true);
 	imagesavealpha($image, true);
 	header('Content-type: image/png');
 	imagepng($image);
 	imagedestroy($image);
 }
-if(isset($_GET['color'])) {
+$color = valid_color($_GET['color'], '444');
-	$color = sanitize($_GET['color']);
+$image = imagecreatetruecolor($_SESSION['suser_imagesize'], $_SESSION['suser_imagesize']);
 $color = imagecolorallocate($image, hexdec(substr($color,0,2)), hexdec(substr($color,2,2)), hexdec(substr($color,4,2)));
 imagefill($image, 0, 0, $color);
-	$image = imagecreatetruecolor($_SESSION['suser_imagesize'], $_SESSION['suser_imagesize']);
+header('Content-type: image/png');
-	
+imagepng($image);
-	$color = imagecolorallocate($image, hexdec(substr($color,0,2)), hexdec(substr($color,2,2)), hexdec(substr($color,4,2)));
+imagedestroy($image);
 	imagefill($image, 0, 0, $color);
 	header('Content-type: image/png');
 	imagepng($image);
 	imagedestroy($image);
 }
 ?>
--- a/images/page_add.png
+++ b/images/page_add.png
--- a/images/admin.png
+++ b/images/admin.png
--- a/images/asset.png
+++ b/images/asset.png
--- a/images/brick.png
+++ b/images/brick.png
--- a/images/brick_add.png
+++ b/images/brick_add.png
--- a/images/brick_delete.png
+++ b/images/brick_delete.png
--- a/images/brick_edit.png
+++ b/images/brick_edit.png
--- a/images/bricks.png
+++ b/images/bricks.png
--- a/images/cancel.png
+++ b/images/cancel.png
--- a/images/page_delete.png
+++ b/images/page_delete.png
--- a/images/disconnect.png
+++ b/images/disconnect.png
--- a/images/page_edit.png
+++ b/images/page_edit.png
--- a/images/control_fastforward_blue.png
+++ b/images/control_fastforward_blue.png
--- a/images/information.png
+++ b/images/information.png
--- a/images/key_add.png
+++ b/images/key_add.png
--- a/images/manage.png
+++ b/images/manage.png
--- a/images/nat.png
+++ b/images/nat.png
--- a/images/note.png
+++ b/images/note.png
--- a/images/plugin.png
+++ b/images/plugin.png
--- a/images/control_rewind_blue.png
+++ b/images/control_rewind_blue.png
--- a/images/page_save.png
+++ b/images/page_save.png
--- a/images/settings.png
+++ b/images/settings.png
--- a/images/tag.png
+++ b/images/tag.png
--- a/images/tag_add.png
+++ b/images/tag_add.png
--- a/images/tag_delete.png
+++ b/images/tag_delete.png
--- a/images/tag_edit.png
+++ b/images/tag_edit.png
--- a/includes.php
+++ b/includes.php
@ -7,20 +7,29 @@ Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
-session_name('ipreg');
+include('config.php');
 session_name($config_app_session);
 session_start();
-// check for user_id, if unnkown, redirect to login
+// check for user_id, if unknown, redirect to login
-if(empty($_SESSION['suser_id'])) {
+if (empty($_SESSION['suser_id'])) {
-	header("Location: login.php");
+    if (isset($_SERVER['REQUEST_URI'])) {
-	exit;
+        $_SESSION['prelogin'] = $_SERVER['REQUEST_URI'];
    }
    header("Location: login.php");
    exit;
 }
-include("config.php");
+// required config vars, may be overwritten later
-include("dbconnect.php");
+$config_auth_ldap = false;
 $config_ext = array();
 // connect to database
 $dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8", $config_mysql_username, $config_mysql_password);
 $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
 include("lib.php");
-$language = lang_getfrombrowser($config_lang, $config_lang_default, null, false);
+// $language = lang_getfrombrowser($config_lang, $config_lang_default);
 ?>
--- a/index.php
+++ b/index.php
@ -11,59 +11,48 @@ include("includes.php");
 include("header.php");
-// asset
+// Statistics
 $query = "SELECT
 		COUNT(asset_id) AS asset_counter
 	FROM
 		asset";
-$assets = $db->db_select($query);
+// asset
-$smarty->assign("asset_counter", $assets[0]['asset_counter']);
+$sth = $dbh->query("SELECT COUNT(asset_id) FROM asset");
 $smarty->assign("asset_counter", $sth->fetchColumn());
 // assetclass
 $sth = $dbh->query("SELECT COUNT(assetclass_id) AS asset_counter FROM assetclass");
 $smarty->assign("assetclass_counter", $sth->fetchColumn());
 // assetclassgroup
 $sth = $dbh->query("SELECT COUNT(assetclassgroup_id) FROM assetclassgroup");
 $smarty->assign("assetclassgroup_counter", $sth->fetchColumn());
 // location
-$query = "SELECT
+$sth = $dbh->query("SELECT COUNT(location_id) FROM location");
-		COUNT(location_id) AS location_counter
+$smarty->assign("location_counter", $sth->fetchColumn());
 	FROM
 		location";
 $locations = $db->db_select($query);
 $smarty->assign("location_counter", $locations[0]['location_counter']);
 // node
-$query = "SELECT
+$sth = $dbh->query("SELECT COUNT(node_id) FROM node");
-		COUNT(node_id) AS node_counter
+$smarty->assign("node_counter", $sth->fetchColumn());
 	FROM
 		node";
 $nodes = $db->db_select($query);
 $smarty->assign("node_counter", $nodes[0]['node_counter']);
 // subnet
-$query = "SELECT
+$sth = $dbh->query("SELECT COUNT(subnet_id) FROM subnet");
-		COUNT(subnet_id) AS subnet_counter
+$smarty->assign("subnet_counter", $sth->fetchColumn());
-	FROM
+
-		subnet";
+//  nat
-$subnets = $db->db_select($query);
+$sth = $dbh->query("SELECT COUNT(nat_id) FROM nat");
-$smarty->assign("subnet_counter", $subnets[0]['subnet_counter']);
+$smarty->assign("nat_counter", $sth->fetchColumn());
 //  vlan
-$query = "SELECT
+$sth = $dbh->query("SELECT COUNT(vlan_id) FROM vlan");
-		COUNT(vlan_id) AS vlan_counter
+$smarty->assign("vlan_counter", $sth->fetchColumn());
 	FROM
 		vlan";
 $vlans = $db->db_select($query);
 $smarty->assign("vlan_counter", $vlans[0]['vlan_counter']);
 // zone
-$query = "SELECT
+$sth = $dbh->query("SELECT COUNT(zone_id) FROM zone");
-		COUNT(zone_id) AS zone_counter
+$smarty->assign("zone_counter", $sth->fetchColumn());
-	FROM
+
-		zone";
+// cable
-$zones = $db->db_select($query);
+$sth = $dbh->query("SELECT COUNT(cable_id) FROM cable");
-$smarty->assign("zone_counter", $zones[0]['zone_counter']);
+$smarty->assign("cable_counter", $sth->fetchColumn());
 $smarty->display("index.tpl");
-include("footer.php");
+$smarty->display("footer.tpl");
 ?>
--- a/install/index.php
+++ b/install/index.php
@ -0,0 +1,121 @@
 <?php
 $failure = false;
 ?>
 <!DOCTYPE html>
 <html>
 <head>
 <title>Install</title>
 </head>
 <body>
 <h1>Installation check</h1>
 <?php
 // PDO
 $ext = get_loaded_extensions();
 $msg = '<p>PDO database interface: <span style="color:%s">%s</span>'."</p>\n";
 $failure = ! in_array('PDO', $ext);
 $res = $failure ? ['red', 'Error'] : ['green', 'OK'];
 echo vsprintf($msg, $res);
 // config file
 if (! $failure) {
    $conffile = '../config.php';
    $perms = fileperms($conffile);
    if ($perms & 0x07) {
        echo '<p>Config file world readable: <span style="color:red">Error</span>', "</p>\n";
    }
    if ($perms & 0x10) {
        echo '<p>Config file writeable by webserver: <span style="color:red">Error</span>', "</p>\n";
    }
    $msg = '<p>Read config file: <span style="color:%s">%s</span>'."</p>\n";
    $failure = (! include($conffile));
    $res = $failure ? ['red', 'Error'] : ['green', 'OK'];
    echo vsprintf($msg, $res);
 } else {
    echo "<p>Configfile correct?</p>";
 }
 // Database connection
 if (! $failure) {
    try {
        $dbh = new PDO("mysql:host=$config_mysql_host", $config_mysql_username, $config_mysql_password);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    } catch (PDOException $e) {
        $details = "<pre>" . $e->getMessage() . "</pre>\n";
        $failure = true;
    }
    $msg = '<p>Database connection: <span style="color:%s">%s</span>'."</p>\n";
    $res = $failure ? ['red', 'Error'] : ['green', 'OK'];
    echo vsprintf($msg, $res);
    if ($failure) {
        echo $details;
    }
 } else {
    echo "<p>Database connection available?</p>\n";
 }
 // Ipreg database exists
 if (! $failure) {
    $sql = "SELECT SCHEMA_NAME FROM
            INFORMATION_SCHEMA.SCHEMATA
            WHERE SCHEMA_NAME=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$config_mysql_dbname]);
    $failure = ! $sth->fetchColumn();
    $msg = '<p>Database exists: <span style="color:%s">%s</span>'."</p>\n";
    $res = $failure ? ['red', 'Error'] : ['green', 'OK'];
    echo vsprintf($msg, $res);
    $dbh->query("USE $config_mysql_dbname");
 } else {
    echo "<p>Database available?</p>\n";
 }
 ?>
 <h2>Rights</h2>
 <?php
 // Admin-user?
 if (! $failure) {
    $admincount = 0;
    // Admin count
    $sql = "SELECT user_id FROM user WHERE FIND_IN_SET('admin',user_role)>0";
    $sth = $dbh->query($sql);
    $adminlist = $sth->fetchAll(PDO::FETCH_ASSOC);
    $admincount = count($adminlist);
    if ($admincount == 0) {
        echo '<p>No admin user exists: <span style="color:red">Error</span>'."</p>\n";
    }
    // Default admin
    $sql = "SELECT user_pass FROM user WHERE user_name='admin' AND FIND_IN_SET('admin',user_role)>0";
    $sth = $dbh->query($sql);
    if ($rec = $sth->fetchColumn()) {
        // Check default password
        if ($rec == '$2y$10$HTs0lSaFrfr.q4Gmy5zWfeDg3jhYZkqEGZEnDkMiHZ641nso38mt6') {
           echo '<p>Password for default admin has not been changed: <span style="color:orange">Warning</span>'."</p>\n";
        } else {
           echo '<p>Default admin exists: <span style="color:green">OK</span>'."</p>\n";
        }
    } else {
        echo "<p>Default admin does not exist.</p>\n";
        if ($admincount > 0) {
            echo '<p>There are more admin accounts: <span style="color:green">OK</span>', "</p>\n";
        }
    }
 } else {
    echo "<p>Administrative user available?</p>\n";
 }
 // Smarty
 $compiledir = '../tpl_c';
 $failure = ! is_writeable($compiledir);
 $msg = '<p>Smarty compile directory writable: <span style="color:%s">%s</span>'."</p>\n";
 $res = $failure ? ['red', 'Error'] : ['green', 'OK'];
 echo vsprintf($msg, $res);
 ?>
 <h2>Summary</h2>
 <p>If everything here checks ok the installation directory <tt>install</tt>
 should be removed.</p>
 </body>
 </html>
--- a/install/install.txt
+++ b/install/install.txt
@ -1,6 +1,8 @@
 IP Reg Installation
 1. Install requirements
 Minimum PHP version is 7.4, we are using arrow functions introduced 
 in that version.
 IP Reg version 0.6 and up depends on smarty template engine.
 In Debian install it with: "apt-get install smarty3".
 The PHP-GD module is also required: "apt-get install php-gd".
--- a/install/mysql.sql
+++ b/install/mysql.sql
@ -4,6 +4,9 @@ CREATE TABLE asset (
  asset_hostname varchar(100) DEFAULT NULL,
  assetclass_id int(10) NOT NULL,
  asset_info text DEFAULT NULL,
  asset_intf smallint(5) UNSIGNED NOT NULL DEFAULT 1,
  asset_location int(10) DEFAULT NULL,
  asset_type enum ('active','passive') NOT NULL DEFAULT 'active',
  PRIMARY KEY (asset_id),
  INDEX ix_asset_name (asset_name)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
@ -12,6 +15,7 @@ CREATE TABLE assetclass (
  assetclass_id int(10) NOT NULL AUTO_INCREMENT,
  assetclassgroup_id int(10) NOT NULL,
  assetclass_name varchar(100) NOT NULL,
  assetclass_description varchar(100) DEFAULT NULL,
  PRIMARY KEY (assetclass_id),
  INDEX ix_assetclass_name (assetclass_name)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
@ -19,17 +23,55 @@ CREATE TABLE assetclass (
 CREATE TABLE assetclassgroup (
  assetclassgroup_id int(10) NOT NULL AUTO_INCREMENT,
  assetclassgroup_name varchar(100) NOT NULL,
-  assetclassgroup_color varchar(6) NOT NULL DEFAULT '000000',
+  assetclassgroup_color char(6) NOT NULL DEFAULT '000000',
  assetclassgroup_description varchar(100) DEFAULT NULL,
  PRIMARY KEY (assetclassgroup_id),
  INDEX ix_assetclassgroup_name (assetclassgroup_name)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 CREATE TABLE cable (
  cable_id int(10) NOT NULL AUTO_INCREMENT,
  cable_description varchar(100) NOT NULL,
  cable_from_id int(10) DEFAULT NULL,
  cable_to_id int(10) DEFAULT NULL,
  cable_length smallint(5) UNSIGNED DEFAULT NULL,
  cable_links smallint(5) UNSIGNED DEFAULT 1,
  cable_type enum('copper','fibre','laser','radio') DEFAULT NULL,
  cable_color char(6) NOT NULL DEFAULT '000000',
  cable_info text DEFAULT NULL,
  PRIMARY KEY (cable_id),
  UNIQUE INDEX ix_cable_description (cable_description)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 -- WIP
 CREATE TABLE cablevlan (
  cablevlan_id int(10) NOT NULL AUTO_INCREMENT,
  cable_id int(10) NOT NULL,
  vlan_id int(10) NOT NULL,
  PRIMARY KEY (cablevlan_id)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 -- WIP
 -- Reference to external systems
 -- class 1=asset; per ext type different class-ids possible
 CREATE TABLE extlink (
  extlink_id int(10) NOT NULL AUTO_INCREMENT,
  asset_id int(10) NOT NULL,
  extlink_type enum('cdb','zabbix', 'topdesk') NOT NULL DEFAULT 'cdb',
  extlink_class tinyint(4) NOT NULL DEFAULT 1,
  extlink_refid int(10) DEFAULT NULL,
  extlink_uid varchar(65) DEFAULT NULL,
  PRIMARY KEY (extlink_id),
  INDEX ix_extlink_asset_id (asset_id)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 CREATE TABLE location (
  location_id int(10) NOT NULL AUTO_INCREMENT,
  location_name varchar(100) NOT NULL,
  location_parent int(10) NOT NULL DEFAULT 0,
  location_info text DEFAULT NULL,
-  location_sort int(11) NOT NULL DEFAULT 0,
+  location_type enum('location', 'building','room','rack') NOT NULL DEFAULT 'location',
  location_sort smallint(6) NOT NULL DEFAULT 0,
  PRIMARY KEY (location_id),
  INDEX ix_location_sort (location_sort),
  INDEX ix_location_name (location_name)
@ -40,6 +82,9 @@ CREATE TABLE nat (
  nat_type int(1) NOT NULL,
  nat_ext int(10) NOT NULL,
  nat_int int(10) NOT NULL,
  nat_ext_port smallint(5) UNSIGNED DEFAULT NULL,
  nat_int_port smallint(5) UNSIGNED DEFAULT NULL,
  nat_description varchar(100) DEFAULT NULL,
  PRIMARY KEY (nat_id)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
@ -54,7 +99,10 @@ CREATE TABLE node (
  zone_id int(10) DEFAULT NULL,
  node_info text DEFAULT NULL,
  node_type enum('v4','v6') NOT NULL DEFAULT 'v4',
-  PRIMARY KEY (node_id)
+  node_flags set('deleted','reserved') DEFAULT NULL,
  PRIMARY KEY (node_id),
  INDEX ix_ip (node_ip),
  INDEX ix_mac (node_mac)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 CREATE TABLE subnet (
@ -66,7 +114,8 @@ CREATE TABLE subnet (
  subnet_info text DEFAULT NULL,
  protocol_version tinyint(1) NOT NULL DEFAULT 4,
  ntp_server varchar(45) DEFAULT NULL,
-  PRIMARY KEY (subnet_id)
+  PRIMARY KEY (subnet_id),
  UNIQUE INDEX ix_subnet (subnet_address, subnet_mask)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 CREATE TABLE subnetlocation (
@ -85,8 +134,9 @@ CREATE TABLE subnetvlan (
 CREATE TABLE user (
  user_id int(10) NOT NULL AUTO_INCREMENT,
  user_realm enum ('local','ldap') NOT NULL DEFAULT 'local',
  user_name varchar(100) NOT NULL,
-  user_pass varchar(32) NOT NULL,
+  user_pass binary(60) NOT NULL,
  user_displayname varchar(100) NOT NULL,
  user_language char(2) NOT NULL DEFAULT 'en',
  user_imagesize int(3) NOT NULL DEFAULT 6,
@ -95,47 +145,44 @@ CREATE TABLE user (
  user_dateformat varchar(10) NOT NULL DEFAULT 'd M Y H:i',
  user_dns1suffix varchar(100) DEFAULT NULL,
  user_dns2suffix varchar(100) DEFAULT NULL,
  user_menu_assets varchar(2) NOT NULL DEFAULT 'on',
  user_menu_assetclasses varchar(2) NOT NULL DEFAULT 'on',
  user_menu_assetclassgroups varchar(2) NOT NULL DEFAULT 'on',
  user_menu_locations varchar(2) NOT NULL DEFAULT 'on',
  user_menu_nodes varchar(2) NOT NULL DEFAULT 'on',
  user_menu_subnets varchar(2) NOT NULL DEFAULT 'on',
  user_menu_users varchar(2) NOT NULL DEFAULT 'on',
  user_menu_vlans varchar(2) NOT NULL DEFAULT 'on',
  user_menu_zones varchar(2) NOT NULL DEFAULT 'on',
  user_tooltips varchar(2) NOT NULL DEFAULT 'on',
  user_menu set('asset','cable','class','group','location','nat','node',
                'subnet','vlan','zone') NOT NULL DEFAULT 'asset,class,group,location,node,subnet,vlan',
  user_role set('add','edit','delete','manage','admin') DEFAULT NULL,
  user_flags set('deleted','locked'),
  PRIMARY KEY (user_id),
  UNIQUE INDEX ix_username (user_name)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-INSERT INTO user (user_name, user_pass, user_displayname) VALUES
+INSERT INTO user (user_name, user_pass, user_displayname, user_role) VALUES
-('admin', '21232f297a57a5a743894a0e4a801fc3', 'administrator');
+('admin', '$2y$10$HTs0lSaFrfr.q4Gmy5zWfeDg3jhYZkqEGZEnDkMiHZ641nso38mt6', 'Administrator', 'admin');
 CREATE TABLE vlan (
  vlan_id int(10) NOT NULL AUTO_INCREMENT,
  vlan_number int(3) NOT NULL,
  vlan_name varchar(100) NOT NULL,
  vlan_color char(6) NOT NULL DEFAULT '000000',
  vlan_info text DEFAULT NULL,
  PRIMARY KEY (vlan_id)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 CREATE TABLE zone (
  zone_id int(10) NOT NULL AUTO_INCREMENT,
-  zone_soa varchar(40) CHARACTER SET utf8 NOT NULL,
+  zone_soa varchar(40) NOT NULL,
-  zone_hostmaster varchar(40) CHARACTER SET utf8 NOT NULL,
+  zone_hostmaster varchar(40) NOT NULL,
-  zone_origin varchar(40) CHARACTER SET utf8 NOT NULL,
+  zone_origin varchar(40) NOT NULL,
-  zone_ttl_default varchar(10) CHARACTER SET utf8 NOT NULL DEFAULT '3D',
+  zone_ttl_default varchar(10) NOT NULL DEFAULT '3D',
-  zone_refresh varchar(10) CHARACTER SET utf8 NOT NULL DEFAULT '8H',
+  zone_refresh varchar(10) NOT NULL DEFAULT '8H',
-  zone_retry varchar(10) CHARACTER SET utf8 NOT NULL DEFAULT '2H',
+  zone_retry varchar(10) NOT NULL DEFAULT '2H',
-  zone_expire varchar(10) CHARACTER SET utf8 NOT NULL DEFAULT '4W',
+  zone_expire varchar(10) NOT NULL DEFAULT '4W',
-  zone_ttl varchar(10) CHARACTER SET utf8 NOT NULL DEFAULT '1D',
+  zone_ttl varchar(10) NOT NULL DEFAULT '1D',
  zone_serial int(10) unsigned NOT NULL,
-  zone_ns1 varchar(20) CHARACTER SET utf8 NOT NULL,
+  zone_ns1 varchar(20) NOT NULL,
-  zone_ns2 varchar(20) CHARACTER SET utf8 DEFAULT NULL,
+  zone_ns2 varchar(20) DEFAULT NULL,
-  zone_ns3 varchar(20) CHARACTER SET utf8 DEFAULT NULL,
+  zone_ns3 varchar(20) DEFAULT NULL,
-  zone_mx1 varchar(20) CHARACTER SET utf8 DEFAULT NULL,
+  zone_mx1 varchar(20) DEFAULT NULL,
-  zone_mx2 varchar(20) CHARACTER SET utf8 DEFAULT NULL,
+  zone_mx2 varchar(20) DEFAULT NULL,
-  zone_info text CHARACTER SET utf8 DEFAULT NULL,
+  zone_info text DEFAULT NULL,
-  PRIMARY KEY (zone_id)
+  PRIMARY KEY (zone_id),
  UNIQUE INDEX ix_zone_origin (zone_origin)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
--- a/install/mysql_sample.sql
+++ b/install/mysql_sample.sql
@ -1,8 +1,11 @@
 INSERT INTO asset (asset_name, assetclass_id) VALUES
-('Computer', 1),
+('Computer Alice', 1),
 ('Computer Bob', 1),
 ('Computer Admin', 1),
 ('Server', 3),
 ('Printer', 4),
-('Firewall', 6);
+('Firewall', 6),
 ('Air Condition System', 8);
 INSERT INTO assetclass (assetclassgroup_id, assetclass_name) VALUES
 (1, 'Desktop'),
@ -11,7 +14,8 @@ INSERT INTO assetclass (assetclassgroup_id, assetclass_name) VALUES
 (3, 'Printer'),
 (4, 'Switch'),
 (4, 'Firewall'),
-(5, 'Scanner');
+(5, 'Scanner'),
 (5, 'Other');
 INSERT INTO assetclassgroup (assetclassgroup_name, assetclassgroup_color) VALUES
 ('Personal Computer', '000000'),
@ -49,8 +53,14 @@ INSERT INTO subnetlocation (subnet_id, location_id) VALUES
 INSERT INTO subnetvlan (subnet_id, vlan_id) VALUES
 (1, 1);
 INSERT INTO user (user_name, user_pass, user_displayname) VALUES
 ('alice', '$2y$10$CTq04qodeKZBgeuShC3E..cEzfh.SDlaoOEUWcCXXHPDvXJ51nGdq', 'Alice'),
 ('bob', '$2y$10$hl4NN4lOyuz7KN0ZjLHbOuCqGi08GVaTvl/RiMcL1mbFqGmtzDN76', 'Bob');
 INSERT INTO vlan (vlan_number, vlan_name) VALUES
-(1, 'DEFAULT_VLAN');
+(1, 'DEFAULT_VLAN'),
 (2, 'WLAN'),
 (3, 'DMZ');
 INSERT INTO zone (zone_soa, zone_origin, zone_hostmaster, zone_serial, zone_ns1) VALUES
-('ns1.example.com.', 'example.com.', 'hostmaster@example.com', '2023021301', 'ns1.example.com');
+('ns1.example.com.', 'example.com.', 'hostmaster.example.com.', '2023021301', 'ns1.example.com');
--- a/install/upgrade.txt
+++ b/install/upgrade.txt
@ -0,0 +1,24 @@
 IP Reg Upgrading
 This version has still not reached version 1.0 (feature complete).
 As such, there may be changes at any time.
 There is no database upgrade logic so the database structure has
 to be compared manually.
 1. Check and upgrade database schema 
 Compare current database schema with the contents of the database
 creation script "mysql.sql".
 Create missing objects in your current database.
 2. Install new version 
 Install the new application in a new location.
 Copy the configuration file "config.php" to new installation.
 Compare the configuration to the sample config.
 There may be additional settings that you want to customize.
 3. Switch to new version
 Rename the old and new directory.
 4. Done
 If everything works fine you could remove the old directory.
--- a/lang/de.php
+++ b/lang/de.php
@ -9,9 +9,13 @@ $lang = array(
    'lang_assetclasses' => 'Objektklassen',
    'lang_assetclassgroup' => 'Objektklassengruppe',
    'lang_assetclassgroups' => 'Objektklassengruppen',
    'lang_cable' => 'Kabel',
    'lang_cables' => 'Kabel',
    'lang_location' => 'Standort',
    'lang_locations' => 'Standorte',
    'lang_menu' => 'Menü',
    'lang_nat' => 'NAT',
    'lang_nats' => 'NATs',
    'lang_node' => 'Knoten',
    'lang_nodes' => 'Knoten',
    'lang_user' => 'Benutzer',
@ -27,9 +31,10 @@ $lang = array(
    'lang_vlans' => 'VLANs',
    'lang_about' => 'Über',
-    'lang_all' => 'Allw',
+    'lang_all' => 'Alle',
    'lang_cancel' => 'Abbruch',
    'lang_color' => 'Farbe',
    'lang_del' => 'Löschen',
    'lang_error' => 'Fehler',
    'lang_item' => 'Gegenstand',
    'lang_language' => 'Sprache',
@ -37,13 +42,22 @@ $lang = array(
    'lang_logout' => 'Abmelden',
    'lang_options' => 'Optionen',
    'lang_option_none' => '(kein)',
    'lang_pass_set' => 'Neues Kennwort einstellen',
    'lang_reset' => 'Zur&uuml;cksetzen',
    'lang_search' => 'Suche',
    'lang_statistics' => 'Statistik',
    'lang_subitem' => 'Sub-Item',
    'lang_submit' => 'Absenden',
    'lang_save' => 'Speichern',
    'lang_unassigned' => 'Nicht zugeordnet',
    'lang_warning' => 'Warnung',
    'lang_description' => 'Bezeichnung',
    'lang_empty' => 'leer',
    'lang_source' => 'Quelle',
    'lang_target' => 'Ziel',
    'lang_length' => 'L&auml;nge',
    'lang_flag_deleted' => 'gelöscht',
    'lang_flag_reserved' => 'reserviert',
    'lang_asset_add' => 'Objekt hinzufügen',
    'lang_asset_del' => 'Objekt löschen',
@ -52,17 +66,22 @@ $lang = array(
    'lang_asset_name' => 'Objektname',
    'lang_asset_hostname' => 'Hostname',
    'lang_asset_none' => 'Es sind keine Objekte vorhanden',
    'lang_asset_intf' => 'Anzahl Schnittstellen',
    'lang_asset_type' => 'Objekttyp',
    'lang_assetclass_add' => 'Objektklasse hinzufügen',
    'lang_assetclass_del' => 'Objektklasse löschen',
    'lang_assetclass_edit' => 'Objektklasse ändern',
    'lang_assetclass_name' => 'Objektklassenname',
    'lang_assetclass_desc' => 'Beschreibung',
    'lang_assetclass_count' => '# Objekte',
    'lang_assetclass_none' => 'Es sind keine Objektklassen vorhanden',
    'lang_assetclassgroup_add' => 'Objektklassengruppe hinzufügen',
    'lang_assetclassgroup_del' => 'Objektklassengruppe löschen',
    'lang_assetclassgroup_edit' => 'Objektklassengruppe ändern',
    'lang_assetclassgroup_name' => 'Objektklassengruppenname',
    'lang_assetclassgroup_count' => '# Klassen',
    'lang_assetclassgroup_none' => 'Es sind keine Objektklassengruppen vorhanden',
    'lang_assignnodetoasset' => 'Knoten zu Objekt hinzufügen',
@ -86,6 +105,7 @@ $lang = array(
    'lang_location_edit' => 'Standort ändern',
    'lang_location_info' => 'Standortinfo',
    'lang_location_name' => 'Standortname',
    'lang_location_hierarchy' => 'Standorthierarchie',
    'lang_location_parent' => 'Übergeordneter Standort',
    'lang_sublocation_add' => 'Unterstandort hinzufügen',
    'lang_location_none' => 'Es sind keine Standorte vorhanden',
@ -93,6 +113,13 @@ $lang = array(
    'lang_locationsubnet' => 'Standort/Subnetz',
    'lang_locationsubnet_edit' => 'Standort/Subnetz bearbeiten',
    'lang_cable_add' => 'Kabel hinzufügen',
    'lang_cable_del' => 'Kabel löschen',
    'lang_cable_edit' => 'Kabel ändern',
    'lang_cable_info' => 'Kabelinfo',
    'lang_cable_type' => 'Kabeltyp',
    'lang_cable_none' => 'Es sind keine Kabel vorhanden',
    'lang_node_add' => 'Knoten hinzufügen',
    'lang_node_del' => 'Knoten löschen',
    'lang_node_edit' => 'Knoten ändern',
@ -104,7 +131,6 @@ $lang = array(
    'lang_mac' => 'MAC-Adresse',
    'lang_proto_vers' => 'Protokollversion',
    'lang_nat' => 'NAT',
    'lang_nat_add' => 'NAT hinzufügen',
    'lang_nat_del' => 'NAT löschen',
    'lang_nat_edit' => 'NAT ändern',
@ -113,6 +139,7 @@ $lang = array(
    'lang_nat_type_1' => 'Verbergen',
    'lang_nat_type_2' => 'Statisch',
    'lang_nat_type_3' => 'Dynamisch',
    'lang_nat_none' => 'Es sind keine NAT-Regeln vorhanden',
    'lang_search_results_found' => 'Anzahl der gefundenen Ergebnisse: ',
@ -144,10 +171,17 @@ $lang = array(
    'lang_user_name' => 'Benutzername',
    'lang_user_password' => 'Kennwort',
    'lang_user_language' => 'Sprache',
    'lang_user_realm' => 'Realm',
    'lang_user_roles' => 'Rechte',
    'lang_user_role_add' => 'Anlegen',
    'lang_user_role_edit' => 'Bearbeiten',
    'lang_user_role_delete' => 'Löschen',
    'lang_user_role_manage' => 'Konfigurieren',
    'lang_user_role_admin' => 'Adminstration',
    'lang_zone_add' => 'Zone hinzufügen',
    'lang_zone_del' => 'Zone löschen',
-    'lang_zone_edit' => 'Zone bearbeiten',
+    'lang_zone_edit' => 'Zone ändern',
    'lang_zone_none' => 'Es sind keine Zonen vorhanden',
    'lang_vlan_add' => 'VLAN hinzufügen',
@ -171,8 +205,10 @@ $lang = array(
    'lang_comments_usernameinuse' => 'Benutzername wird bereits verwendet',
    'lang_comments_invalidpass' => 'Das Kennwort ist falsch',
    'lang_comments_invalidnewpass' => 'Das neue Kennwort wurde nicht korrekt eingegeben',
    'lang_comments_accessdenied' => 'Zugriff verweigert. Keine Berechtigung.',
    'lang_options_ipreg' => 'IP Reg Optionen',
    'lang_options_profile' => 'Aktuelles Benutzerprofil',
    'lang_options_display' => 'Anzeigeeinstellungen',
    'lang_options_password' => 'Kennwort ändern',
    'lang_options_imagesize' => 'Bildgröße',
@ -185,9 +221,9 @@ $lang = array(
    'lang_options_dateformat' => 'Datumsformat',
    'lang_options_dateformat_help' => 'Format in which dates are displayed using the php-date-format (see http://www.php.net/date for more info)',
    'lang_options_dns1suffix' => 'DNS Name suffix',
-    'lang_options_dns1suffix_help' => 'Default DNS Name suffix für neue Knoten',
+    'lang_options_dns1suffix_help' => 'Standard DNS Name Suffix für neue Knoten',
    'lang_options_dns2suffix' => 'DNS Alias suffix',
-    'lang_options_dns2suffix_help' => 'Default DNS Alias suffix für neue Knoten',
+    'lang_options_dns2suffix_help' => 'Standard DNS Alias Suffix für neue Knoten',
    'lang_options_currentpassword' => 'Aktuelles Kennwort',
    'lang_options_currentpassword_help' => 'Bitte geben Sie hier Ihr bisheriges Kennwort ein',
    'lang_options_newpassword1' => 'Neues Kennwort',
@ -207,12 +243,14 @@ $lang = array(
    'lang_about_license_ext' => 'Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)<br>Copyright (C) 2011-2023 Thomas Hooge<p>This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.<p>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.<p> You should have received a copy of the GNU General Public License along with this program.  If not, see http://www.gnu.org/licenses/.',
    'lang_about_changelog' => 'Changelog (major changes only)',
    'lang_about_changelog_v09' => 'v0.9 (mar 2023)',
    'lang_about_changelog_v09_ext' => '- Changed database interface to PDO / prepared statements<br>- LDAP authentication<br>- User rights<br>- Improved internal menu system',
    'lang_about_changelog_v08' => 'v0.8 (feb 2023)',
    'lang_about_changelog_v08_ext' => '- Some small improvements and bugfixing<br>- Code simplification as preparation for big refactoring',
    'lang_about_changelog_v07' => 'v0.7 (oct 2018)',
    'lang_about_changelog_v07_ext' => '- Added support for PHP7, switched to mysqli',
    'lang_about_changelog_v06' => 'v0.6 (may 2011)',
-    'lang_about_changelog_v06_ext' => '- Moved towards smarty template engine<br />- language support finalized<br>- added german language<br>- some small bug fixes',
+    'lang_about_changelog_v06_ext' => '- Moved towards smarty template engine<br />- Language support finalized<br>- Added german language<br>- Some small bug fixes',
    'lang_about_changelog_v05' => 'v0.5 (dec 2009)',
    'lang_about_changelog_v05_ext' => '- Complete code rewrite<br>- Input sanitation<br>- Background image<br>- Added multiple counters<br>- HTML is now 100% W3C valid<br>- More user options',
    'lang_about_changelog_v04' => 'v0.4 (jun 2008)',
--- a/lang/en.php
+++ b/lang/en.php
@ -9,9 +9,13 @@ $lang = array(
    'lang_assetclasses' => 'Assetclasses',
    'lang_assetclassgroup' => 'Assetclassgroup',
    'lang_assetclassgroups' => 'Assetclassgroups',
    'lang_cable' => 'Cable',
    'lang_cables' => 'Cables',
    'lang_location' => 'Location',
    'lang_locations' => 'Locations',
    'lang_menu' => 'Menu',
    'lang_nat' => 'NAT',
    'lang_nats' => 'NATs',
    'lang_node' => 'Node',
    'lang_nodes' => 'Nodes',
    'lang_user' => 'User',
@ -30,6 +34,7 @@ $lang = array(
    'lang_all' => 'All',
    'lang_cancel' => 'Cancel',
    'lang_color' => 'Color',
    'lang_del' => 'Delete',
    'lang_error' => 'Error',
    'lang_item' => 'Item',
    'lang_language' => 'Language',
@ -37,13 +42,22 @@ $lang = array(
    'lang_logout' => 'Logout',
    'lang_options' => 'Options',
    'lang_option_none' => '(none)',
    'lang_pass_set' => 'Set new password',
    'lang_reset' => 'Reset',
    'lang_search' => 'Search',
    'lang_statistics' => 'Statistics',
    'lang_subitem' => 'Sub-Item',
    'lang_submit' => 'Submit',
    'lang_save' => 'Save',
    'lang_unassigned' => 'Unassigned',
    'lang_warning' => 'Warning',
    'lang_description' => 'Description',
    'lang_empty' => 'empty',
    'lang_source' => 'Source',
    'lang_target' => 'Target',
    'lang_length' => 'Length',
    'lang_flag_deleted' => 'deleted',
    'lang_flag_reserved' => 'reserved',
    'lang_asset_add' => 'Add asset',
    'lang_asset_del' => 'Delete asset',
@ -52,17 +66,22 @@ $lang = array(
    'lang_asset_name' => 'Asset name',
    'lang_asset_hostname' => 'Hostname',
    'lang_asset_none' => 'There are no assets defined',
    'lang_asset_intf' => 'Number of interfaces',
    'lang_asset_type' => 'Asset type',
    'lang_assetclass_add' => 'Add assetclass',
    'lang_assetclass_del' => 'Delete assetclass',
    'lang_assetclass_edit' => 'Mofidy assetclass',
    'lang_assetclass_name' => 'Assetclass name',
    'lang_assetclass_count' => '# Assets',
    'lang_assetclass_none' => 'There are no assetclasses defined',
    'lang_assetclassgroup_add' => 'Add assetclassgroup',
    'lang_assetclassgroup_del' => 'Delete assetclassgroup',
    'lang_assetclassgroup_edit' => 'Modify assetclassgroup',
-    'lang_assetclassgroup_name' => 'Assetclass Groupname',
+    'lang_assetclassgroup_name' => 'Assetclassgroup Name',
    'lang_assetclass_desc' => 'Description',
    'lang_assetclassgroup_count' => '# Classes',
    'lang_assetclassgroup_none' => 'There are no assetclassegroups defined',
    'lang_assignnodetoasset' => 'Assign node to asset',
@ -83,9 +102,10 @@ $lang = array(
    'lang_location_add' => 'Add location',
    'lang_location_del' => 'Delete location',
-    'lang_location_edit' => 'Mofidy location',
+    'lang_location_edit' => 'Modify location',
    'lang_location_info' => 'Location info',
    'lang_location_name' => 'Location name',
    'lang_location_hierarchy' => 'Location hierarchy',
    'lang_location_parent' => 'Parent',
    'lang_sublocation_add' => 'Add Sub-location',
    'lang_location_none' => 'There are no locations defined',
@ -93,6 +113,13 @@ $lang = array(
    'lang_locationsubnet' => 'Location/Subnet',
    'lang_locationsubnet_edit' => 'Edit Location/Subnet',
    'lang_cable_add' => 'Add cable',
    'lang_cable_del' => 'Delete cable',
    'lang_cable_edit' => 'Modify cable',
    'lang_cable_info' => 'Cable info',
    'lang_cable_type' => 'Cable type',
    'lang_cable_none' => 'There are no cables defined',
    'lang_node_add' => 'Add node',
    'lang_node_del' => 'Delete node',
    'lang_node_edit' => 'Modify node',
@ -104,7 +131,6 @@ $lang = array(
    'lang_mac' => 'MAC Address',
    'lang_proto_vers' => 'Protocol version',
    'lang_nat' => 'NAT',
    'lang_nat_add' => 'Add NAT',
    'lang_nat_del' => 'Delete NAT',
    'lang_nat_edit' => 'Modify NAT',
@ -113,6 +139,7 @@ $lang = array(
    'lang_nat_type_1' => 'Hide',
    'lang_nat_type_2' => 'Static',
    'lang_nat_type_3' => 'Dynamic',
    'lang_nat_none' => 'There are no nat rules defined',
    'lang_search_results_found' => 'Total results found',
@ -143,10 +170,18 @@ $lang = array(
    'lang_user_edit' => 'Mofidy user',
    'lang_user_name' => 'Username',
    'lang_user_password' => 'Password',
    'lang_user_language' => 'Language',
    'lang_user_realm' => 'Realm',
    'lang_user_roles' => 'Roles',
    'lang_user_role_add' => 'Add',
    'lang_user_role_edit' => 'Edit',
    'lang_user_role_delete' => 'Delete',
    'lang_user_role_manage' => 'Manage',
    'lang_user_role_admin' => 'Adminstration',
    'lang_zone_add' => 'Add zone',
    'lang_zone_del' => 'Delete zone',
-    'lang_zone_edit' => 'Mofidy zone',
+    'lang_zone_edit' => 'Modify zone',
    'lang_zone_none' => 'There are no zones defined',
    'lang_vlan_add' => 'Add VLAN',
@ -157,7 +192,6 @@ $lang = array(
    'lang_vlan_new' => 'VLAN info',
    'lang_vlan_name' => 'VLAN name',
    'lang_vlan_none' => 'There are no VLANs defined',
    'lang_user_language' => 'Language',
    'lang_vlansubnet' => 'VLAN/Subnet',
    'lang_vlansubnet_edit' => 'Edit VLAN/Subnet',
@ -171,8 +205,10 @@ $lang = array(
    'lang_comments_usernameinuse' => 'Username in use',
    'lang_comments_invalidpass' => 'Invalid password',
    'lang_comments_invalidnewpass' => 'Invalid new password',
    'lang_comments_accessdenied' => 'Access denied',
    'lang_options_ipreg' => 'IP Reg options',
    'lang_options_profile' => 'Current user profile',
    'lang_options_display' => 'Display options',
    'lang_options_password' => 'Change password',
    'lang_options_imagesize' => 'Imagesize',
@ -207,12 +243,14 @@ $lang = array(
    'lang_about_license_ext' => 'Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)<br>Copyright (C) 2011-2023 Thomas Hooge<p>This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.<p>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.<p> You should have received a copy of the GNU General Public License along with this program.  If not, see http://www.gnu.org/licenses/.',
    'lang_about_changelog' => 'Changelog (major changes only)',
    'lang_about_changelog_v09' => 'v0.9 (mar 2023)',
    'lang_about_changelog_v09_ext' => '- Changed database interface to PDO / prepared statements<br>- LDAP authentication<br>- User rights<br>- Improved internal menu system',
    'lang_about_changelog_v08' => 'v0.8 (feb 2023)',
    'lang_about_changelog_v08_ext' => '- Some small improvements and bugfixing<br>- Code simplification as preparation for big refactoring',
    'lang_about_changelog_v07' => 'v0.7 (oct 2018)',
    'lang_about_changelog_v07_ext' => '- Added support for PHP7, switched to mysqli',
    'lang_about_changelog_v06' => 'v0.6 (may 2011)',
-    'lang_about_changelog_v06_ext' => '- Moved towards smarty template engine<br />- language support finalized<br>- added german language<br>- some small bug fixes',
+    'lang_about_changelog_v06_ext' => '- Moved towards smarty template engine<br />- Language support finalized<br>- Added german language<br>- Some small bug fixes',
    'lang_about_changelog_v05' => 'v0.5 (dec 2009)',
    'lang_about_changelog_v05_ext' => '- Complete code rewrite<br>- Input sanitation<br>- Background image<br>- Added multiple counters<br>- HTML is now 100% W3C valid<br>- More user options',
    'lang_about_changelog_v04' => 'v0.4 (jun 2008)',
--- a/lib.php
+++ b/lib.php
@ -7,25 +7,348 @@ Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 // ========== CONSTANT DEFINITIONS ============================================
 // page actions
 define ('ACT_ERR_DENIED',  -1);
 define ('ACT_DEFAULT',      0);
 define ('ACT_ADD',          1);
 define ('ACT_VIEW',         2);
 define ('ACT_EDIT',         3);
 define ('ACT_DELETE',       4);
 define ('ACT_COPY',         5);
 define ('ACT_JOIN',         6);
 define ('ACT_LEAVE',        7);
 define ('ACT_EDIT_DETAIL',  8);
 define ('ACT_DEL_DETAIL',   9);
 define ('ACT_LINK',        10);
 define ('ACT_UNLINK',      11);
 define ('ACT_MAIL',        12);
 define ('ACT_VIEW_LIST',   13);
 define ('ACT_PASSWORD',    14);
 // ========== GLOBAL PAGE START CODE ==========================================
 // global version string
-$config_version = 'v0.8';
+$config_version = 'v0.9.1';
 // available languages
 $config_lang = array('de', 'en');
 include("lib/functions.php");
 require("lib/db.class.php");
 $db = new Db($dblink);
 require("lib/user.class.php");
 $user = new User();
 require_once('smarty3/Smarty.class.php');
 $smarty = new Smarty();
 $smarty->template_dir = 'tpl';
 $smarty->compile_dir = 'tpl_c';
 $smarty->registerPlugin('function', 'treelist', 'print_tree');
-$smarty->assign("suser_tooltips", $_SESSION['suser_tooltips']);
+$smarty->registerPlugin('function', 'msgout', 'msgout');
 if (!empty($_SESSION['suser_id'])) {
    $smarty->assign("suser_name", $_SESSION['suser_displayname']);
    $smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off');
    $smarty->assign("suser_add", $_SESSION['suser_role_add']);
    $smarty->assign("suser_edit", $_SESSION['suser_role_edit']);
    $smarty->assign("suser_delete", $_SESSION['suser_role_delete']);
    $smarty->assign("suser_manage", $_SESSION['suser_role_manage']);
    $smarty->assign("suser_admin", $_SESSION['suser_role_admin']);
 }
-?>
+// prepare global message system
 $g_message = new Message;
 $g_warning = new MessageWarning;
 $g_error = new MessageError;
 $action = ACT_DEFAULT;
 // ========== LANGUAGE FUNCTIONS ==============================================
 function lang_getfrombrowser($allowed, $default) {
    // get browser most preferred language if possible
    if (empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        return $default;
    }
    $accepted = preg_split('/,\s*/', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
    $current_lang = $default;
    $current_q = 0;
    foreach ($accepted as $lang) {
        $res = preg_match ('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i',
                   $lang, $matches);
        if (!$res) {
            continue;
        }
        $lang_code = explode ('-', $matches[1]);
        if (isset($matches[2])) {
            $lang_quality = (float)$matches[2];
        } else {
            $lang_quality = 1.0;
        }
        while (count($lang_code)) {
            if (in_array(strtolower(join ('-', $lang_code)), $allowed)) {
                if ($lang_quality > $current_q) {
                    $current_lang = strtolower (join ('-', $lang_code));
                    $current_q = $lang_quality;
                    break;
                }
            }
            array_pop($lang_code);
        }
    }
    return $current_lang;
 }
 // ========== FEEDBACK FUNCTIONS ==============================================
 class Message {
    var $count = 0;
    var $text = array();
    var $caption;
    function Message() {
        $this->caption = 'Information';
    }
    function SetCaption($str) {
        $this->caption = $str;
    }
    function Add($msg) {
        $this->count++;
        $this->text[$this->count] = $msg;
    }
    function GetCount() {
        return $this->count;
    }
    function PrintOut() {
        if ($this->count > 0) {
            echo '<div class="info">', "\n";
            echo '<h3>', $this->caption, "</h3>\n";
            echo "<ul>\n";
            for ($i=1; $i<=$this->count; $i++) {
                echo "\t<li>", $this->text[$i],"</li>\n";
            }
            echo "</ul>\n";
            echo "</div>\n";
        }
    }
 }
 class MessageWarning extends Message {
    function MessageWarning() {
        $this->caption = 'Warning';
    }
    function PrintOut() {
        if ($this->count > 0) {
            echo '<div class="warning">', "\n";
            echo '<h3>', $this->caption, "</h3>\n";
            echo "<ul>\n";
            for ($i=1; $i<=$this->count; $i++) {
                echo "\t<li>", $this->text[$i],"</li>\n";
            }
            echo "</ul>\n";
            echo "</div>\n";
        }
    }
 }
 class MessageError extends Message {
    function MessageError() {
        $this->caption = 'Error';
    }
    function PrintOut() {
        if ($this->count > 0) {
            echo '<div class="error">', "\n";
            echo '<h3>', $this->caption, "</h3>\n";
            echo "<ul>\n";
            for ($i=1; $i<=$this->count; $i++) {
                echo "\t<li>", $this->text[$i],"</li>\n";
            }
            echo "</ul>\n";
            echo "</div>\n";
        }
    }
 }
 function msgout(array $parameters, Smarty_Internal_Template $smarty) {
    // This is just a quick hack around missing {php} in Smarty3
    $GLOBALS['g_error']->PrintOut();
    $GLOBALS['g_warning']->PrintOut();
    $GLOBALS['g_message']->PrintOut();
 }
 // ========== FORM FUNCTIONS ==================================================
 function form_get_action() {
    if (!isset($_POST['submit'])) {
        if (isset($_GET['f'])) {
            $submit = $_GET['f'];
        } else {
            $submit = NULL;
        }
    } else {
        $submit = $_POST['submit'];
    }
    if (is_array($submit)) {
        $submit = key($submit);
    }
    return strtolower($submit);
 }
 function submit_error($action) {
    /* Submit buttons that return an unknown value end up in this
       function by default. An exit() is conscious here *not* installed,
       since it could be that despite such an error the program
       execution should be continued. */
    return sprintf('The action "%s" is unknown. It is probably a program error.<br> Please inform your administrator of the exact circumstances of how this situation came about.', strtoupper($action));
 }
 // ========== DATABASE FUCTIONS ===============================================
 function db_load_enum($table, $column) {
    // returns array of enum-values as defined in database
    global $dbh;
    $sql = "SELECT TRIM(TRAILING ')' FROM SUBSTRING(column_type,6))
            FROM information_schema.columns
            WHERE table_name=? AND column_name=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$table, $column]);
    // Für PHP < 7.4
    // return array_map(function($x) { return trim($x, "'"); }, explode(',', $sth->fetchColumn()));
    return array_map(fn($x) => trim($x, "'"), explode(',', $sth->fetchColumn()));
 }
 function db_get_options_asset() {
    global $dbh;
    $sql = "SELECT asset_id, asset_name FROM asset ORDER BY asset_name";
    $sth = $dbh->query($sql);
    foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
        $options[$rec[0]] = $rec[1];
    }
    return $options;
 }
 function db_get_options_assetclass() {
    global $dbh;
    $sql = "SELECT assetclass_id, assetclass_name FROM assetclass ORDER BY assetclass_name";
    $sth = $dbh->query($sql);
    foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
        $options[$rec[0]] = $rec[1];
    }
    return $options;
 }
 function db_get_options_assetclassgroup() {
    global $dbh;
    $sql = "SELECT assetclassgroup_id, assetclassgroup_name FROM assetclassgroup ORDER BY assetclassgroup_name";
    $sth = $dbh->query($sql);
    foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
        $options[$rec[0]] = $rec[1];
    }
    return $options;
 }
 function db_get_options_location($default = NULL) {
    global $dbh;
    $options = array();
    if ($default != NULL) {
        $options[0] = $default;
    }
    $sql = "SELECT location_id, location_name FROM location ORDER BY location_name";
    $sth = $dbh->query($sql);
    foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
        $options[$rec[0]] = $rec[1];
    }
    return $options;
 }
 function db_get_options_subnet() {
    global $dbh;
    $sql = "SELECT subnet_id,
                CONCAT_WS('/', subnet_address, subnet_mask) AS subnet_name
            FROM subnet
            ORDER BY INET_ATON(subnet_address)";
    $sth = $dbh->query($sql);
    foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
        $options[$rec[0]] = $rec[1];
    }
    return $options;
 }
 function db_get_options_vlan($default = NULL) {
    global $dbh;
    $options = array();
    if ($default != NULL) {
        $options[0] = $default;
    }
    $sql = "SELECT vlan_id, vlan_name FROM vlan ORDER BY vlan_name";
    $sth = $dbh->query($sql);
    foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
        $options[$rec[0]] = $rec[1];
    }
    return $options;
 }
 function db_get_options_zone($default = NULL) {
    global $dbh;
    $options = array();
    if ($default != NULL) {
        $options[0] = $default;
    }
    $sql = "SELECT zone_id, zone_origin FROM zone ORDER BY zone_origin";
    $sth = $dbh->query($sql);
    foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
        $options[$rec[0]] = $rec[1];
    }
    return $options;
 }
 // ========== MISC FUCTIONS ===================================================
 function strip_mac($mac, $caps=true) {
    // strip mac address to 12 char string
    // strip chars we don't need
    $mac = preg_replace('/[^a-fA-F0-9]/', '', $mac);
    if ($caps) {
        $mac = strtoupper($mac);
    } else {
        $mac = strtolower($mac);
    }
    return $mac;
 }
 function write_mac($mac, $user_mac='xx:xx:xx:xx:xx:xx') {
    // rebuild mac address using user supplied format
    if (strlen($mac) != 12) {
        // if the MAC is empty, or for whatever reason incorrect, just return
        return $mac;
    }
    // check format of user mac: count upper or lower char
    $chars = count_chars($user_mac, 1);
    if (array_key_exists(88, $chars) and $chars[88] == 12) {
        $pattern = '/X/';
        $mac = strtoupper($mac);
    } elseif (array_key_exists(120, $chars) and $chars[120] == 12) {
        $pattern = '/x/';
        $mac = strtolower($mac);
    } else {
        // invalid format
        return $mac;
    }
    for($i=0; $i<12; $i++) {
        $user_mac = preg_replace($pattern, $mac[$i], $user_mac, 1);
    }
    return $user_mac;
 }
 function header_location($location) {
    // redirect page
    header('location:' . $location);
    exit;
 }
--- a/lib/db.class.php
+++ b/lib/db.class.php
@ -1,173 +0,0 @@
 <?php
    /*****************************************************************************
    IP Reg, a PHP/MySQL IPAM tool
    Copyright (C) 2007-2009 Wietse Warendorff
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
    For more information, visit http://sourceforge.net/projects/ipreg,
    or contact me at wietsew@users.sourceforge.net
    *****************************************************************************/
    class Db {
        protected $dblink;
        public function __construct ($dblink) {
            $this->dblink = $dblink;
        }
        function db_delete($query) {
            // run query
            $sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink));
        }
        function db_insert($query) {
            // run query
            echo "<pre>$query</pre>";
            $sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink));
            // return result
            return mysqli_insert_id($this->dblink);
        }
        function db_select($query) {
            // run query
            $sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink));
            // loop results
            $result = array();
            while($record = mysqli_fetch_assoc($sql)) {
                $result[] = $record;
            }
            // return array
            return $result;
        }
        function db_update($query) {
            // run query
            $sql = mysqli_query($this->dblink, $query) or die(mysqli_error($this->dblink));
        }
        function options_asset($null_value=NULL) {
            $options = array();
            if (isset($null_value)) {
                $options[0] = $null_value;
            }
            $sql = "SELECT asset_id, asset_name
                    FROM asset
                    ORDER BY asset_name";
            $records = $this->db_select($sql);
            foreach ($records as $rec) {
                $options[$rec['asset_id']] = $rec['asset_name'];
            }
            return $options;
        }
        function options_assetclass($null_value=NULL) {
            $options = array();
            if (isset($null_value)) {
                $options[0] = $null_value;
            }
            $sql = "SELECT assetclass_id, assetclass_name
                    FROM assetclass
                    ORDER BY assetclass_name";
            $records = $this->db_select($sql);
            foreach ($records as $rec) {
                $options[$rec['assetclass_id']] = $rec['assetclass_name'];
            }
            return $options;
        }
        function options_assetclassgroup($null_value=NULL) {
            $options = array();
            if (isset($null_value)) {
                $options[0] = $null_value;
            }
            $sql = "SELECT assetclassgroup_id, assetclassgroup_name
                    FROM assetclassgroup
                    ORDER BY assetclassgroup_name";
            $records = $this->db_select($sql);
            foreach ($records as $rec) {
                $options[$rec['assetclassgroup_id']] = $rec['assetclassgroup_name'];
            }
            return $options;
        }
        function options_location($null_value=NULL) {
            $options = array();
            if (isset($null_value)) {
                $options[0] = $null_value;
            }
            $sql = "SELECT location_id,
                        location_name
                    FROM location
                    ORDER BY location_name";
            $records = $this->db_select($sql);
            foreach ($records as $rec) {
                $options[$rec['location_id']] = $rec['location_name'];
            }
            return $options;
        }
        function options_subnet($null_value=NULL) {
            $options = array();
            if (isset($null_value)) {
                $options[0] = $null_value;
            }
            $sql = "SELECT subnet_id,
                    CONCAT_WS('/', subnet_address, subnet_mask) AS subnet_name
                    FROM subnet
                    ORDER BY INET_ATON(subnet_address)";
            $records = $this->db_select($sql);
            foreach ($records as $rec) {
                $options[$rec['subnet_id']] = $rec['subnet_name'];
            }
            return $options;
        }
        function options_vlan($null_value=NULL) {
            $options = array();
            if (isset($null_value)) {
                $options[0] = $null_value;
            }
            $sql = "SELECT vlan_id,
                        CONCAT_WS(' - ', vlan_number, vlan_name) AS vlan_option
                    FROM vlan
                    ORDER BY vlan_number";
            $records = $this->db_select($sql);
            foreach ($records as $rec) {
                $options[$rec['vlan_id']] = $rec['vlan_option'];
            }
            return $options;
        }
        function options_zone($null_value=NULL) {
            $options = array();
            if (isset($null_value)) {
                $options[0] = $null_value;
            }
            $sql = "SELECT zone_id, zone_origin
                    FROM zone
                    ORDER BY zone_origin";
            $records = $this->db_select($sql);
            foreach ($records as $rec) {
                $options[$rec['zone_id']] = $rec['zone_origin'];
            }
            return $options;
        }
    }
 ?>
--- a/lib/functions.php
+++ b/lib/functions.php
@ -1,170 +1,61 @@
 <?php
-    /*****************************************************************************
+/*****************************************************************************
-    IP Reg, a PHP/MySQL IPAM tool
+IP Reg, a PHP/MySQL IPAM tool
-    Copyright (C) 2007-2009 Wietse Warendorff
+Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
-    This program is free software: you can redistribute it and/or modify
+SPDX-License-Identifier: GPL-3.0-or-later
-    it under the terms of the GNU General Public License as published by
+*****************************************************************************/
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
-    This program is distributed in the hope that it will be useful,
+// sanitize input
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
+function sanitize($input) {
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    global $dblink;
    GNU General Public License for more details.
-    You should have received a copy of the GNU General Public License
+    // trim whitespaces
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    $input = @trim($input);
-    For more information, visit http://sourceforge.net/projects/ipreg,
+    // magic quotes enabled?
-    or contact me at wietsew@users.sourceforge.net
+    if(get_magic_quotes_gpc()) {
-    *****************************************************************************/
+        // strip slashes
-
+        $input = stripslashes($input);
    // strip mac address to 12 char string
    function strip_mac($mac) {
        // strip chars we don't need
        $mac = preg_replace("|[^a-fA-F0-9]|", "", $mac);
        // capitalize (just because it looks better eh)
        $mac = strtoupper($mac);
        // and return
        return ($mac);
    }
-    // rebuild mac address
+    // convert to utf-8
-    function write_mac($mac) {
+    iconv("UTF-8", "UTF-8", $input);
        // check string length
        if (strlen($mac)!=12) {
            // if the MAC is empty, or for whatever reason incorrect, just return
            return $mac;
        } else {
            // count to 12...
            for($i=0;$i<12;$i++) {
                // ... and strip mac to pieces
                ${"mac".$i} = $mac{$i};
            }
-            // get user preference
+    // convert special chars
-            $user_mac = $_SESSION['suser_mac'];
+    $input = htmlentities($input,ENT_QUOTES,'UTF-8');
-            // count to 12 again...
+    // and return
-            for($i=0;$i<12;$i++) {
+    return $input;
-                // ... and replace user preference with pieces
+}
                $user_mac = preg_replace("/x/", ${"mac".$i}, $user_mac, 1);
            }
-            // and return
+function print_tree_rec($tree, $level) {
-            return $user_mac;
+    $output = '<ul class="treelvl' . $level. '">' . "\n";
    foreach ($tree as $node) {
        $output .= '<li><a href="' . $node['href'] . '">' . $node['value'] . '</a>';
        if ($node['info']) {
            $output .= ' - ' . $node['info'];
        }
        if ($node['children']) {
            $output .= "\n" . print_tree_rec($node['children'], $level+1);
        }
        $output .= "</li>\n";
    }
    $output .= "</ul>\n";
    return $output;
 }
-    // redirect page
+function print_tree($params, Smarty_Internal_Template $template) {
-    function header_location($location) {
+    if (empty($params['level'])) {
-        // send header
+        $level = 0;
-        header("location: " . $location);
+    } else {
-
+        $level = $params['level'];
        // exit to be sure
        exit;
    }
-
+    if (empty($params['tree'])) {
-    // sanitize input
+        return '';
-    function sanitize($input) {
+    } else {
-        global $dblink;
+        return print_tree_rec($params['tree'], $level);
        // trim whitespaces
        $input = @trim($input);
        // magic quotes enabled?
        if(get_magic_quotes_gpc()) {
            // strip slashes
            $input = stripslashes($input);
        }
        // convert to utf-8
        iconv("UTF-8", "UTF-8", $input);
        // convert special chars
        $input = htmlentities($input,ENT_QUOTES,'UTF-8');
        // make sql ready
        $input = mysqli_real_escape_string($dblink, $input);
        // and return
        return $input;
    }
 }
    function mysql_nullstring($input) {
        if (isset($input)) {
            return $input;
        } else {
            return '';
        }
    }
    function lang_getfrombrowser ($allowed_languages, $default_language, $lang_variable = null, $strict_mode = true) {
        if ($lang_variable === null) {
            $lang_variable = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
        }
        if (empty($lang_variable)) {
            return $default_language;
        }
        $accepted_languages = preg_split('/,\s*/', $lang_variable);
        $current_lang = $default_language;
        $current_q = 0;
        foreach ($accepted_languages as $accepted_language) {
            $res = preg_match ('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i',
                       $accepted_language, $matches);
            if (!$res) {
                continue;
            }
            $lang_code = explode ('-', $matches[1]);
            if (isset($matches[2])) {
                $lang_quality = (float)$matches[2];
            } else {
                $lang_quality = 1.0;
            }
            while (count ($lang_code)) {
                if (in_array (strtolower (join ('-', $lang_code)), $allowed_languages)) {
                    if ($lang_quality > $current_q) {
                        $current_lang = strtolower (join ('-', $lang_code));
                        $current_q = $lang_quality;
                        break;
                    }
                }
                if ($strict_mode) {
                    break;
                }
                array_pop ($lang_code);
            }
        }
        return $current_lang;
    }
    function print_tree_rec($tree, $level) {
        $output = '<ul class="treelvl' . $level. '">' . "\n";
        foreach ($tree as $node) {
            $output .= '<li><a href="' . $node['href'] . '">' . $node['value'] . '</a>';
            if ($node['children']) {
                $output .= "\n" . print_tree_rec($node['children'], $level+1);
            }
            $output .= "</li>\n";
        }
        $output .= "</ul>\n";
        return $output;
    }
    function print_tree ($params, &$smarty) {
        if (empty($params['level'])) {
            $level = 0;
        } else {
            $level = $params['level'];
        }
        if (empty($params['tree'])) {
            return '';
        } else {
            return print_tree_rec($params['tree'], $level);
        }
    }
 ?>
--- a/lib/user.class.php
+++ b/lib/user.class.php
@ -1,122 +0,0 @@
 <?php
    /*****************************************************************************
    IP Reg, a PHP/MySQL IPAM tool
    Copyright (C) 2007-2009 Wietse Warendorff
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
    For more information, visit http://sourceforge.net/projects/ipreg,
    or contact me at wietsew@users.sourceforge.net
    *****************************************************************************/
    class User {
        function check_strlen($string) {
            // check length
            if(strlen($string)<1) {
                return FALSE;
            } else {
                return TRUE;
            }
        }
        function user_login($user_name, $user_pass) {
            global $dblink;
            // check user_name length
            if($this->check_strlen($user_name)==FALSE) {
                return FALSE;
            }
            // check user_pass length
            if($this->check_strlen($user_pass)==FALSE) {
                return FALSE;
            }
            // get user data
                // initiate class
                $db = new Db($dblink);
                // build query
                $query = "SELECT
                    user.user_id,
                    user.user_pass,
                    user.user_displayname,
                    user.user_language,
                    user.user_imagesize,
                    user.user_imagecount,
                    user.user_mac,
                    user.user_dateformat,
                    user.user_dns1suffix,
                    user.user_dns2suffix,
                    user.user_menu_assets,
                    user.user_menu_assetclasses,
                    user.user_menu_assetclassgroups,
                    user.user_menu_locations,
                    user.user_menu_nodes,
                    user.user_menu_subnets,
                    user.user_menu_users,
                    user.user_menu_vlans,
                    user.user_menu_zones,
                    user.user_tooltips
                FROM
                    user
                WHERE
                    user.user_name='" . $user_name . "'";
                // run query
                $users = $db->db_select($query);
                // count results
                $user_counter = count($users);
                // any users?
                if ($user_counter>0) {
                    // compare passwords
                    if(!strcmp(md5($user_pass), $users[0]['user_pass'])) {
                        // all ok: user is logged in, register session data
                        $_SESSION['suser_id'] = $users[0]['user_id'];
                        $_SESSION['suser_displayname'] = $users[0]['user_displayname'];
                        $_SESSION['suser_language'] = $users[0]['user_language'];
                        $_SESSION['suser_imagesize'] = $users[0]['user_imagesize'];
                        $_SESSION['suser_imagecount'] = $users[0]['user_imagecount'];
                        $_SESSION['suser_mac'] = $users[0]['user_mac'];
                        $_SESSION['suser_dateformat'] = $users[0]['user_dateformat'];
                        $_SESSION['suser_dns1suffix'] = $users[0]['user_dns1suffix'];
                        $_SESSION['suser_dns2suffix'] = $users[0]['user_dns2suffix'];
                        $_SESSION['suser_menu_assets'] = $users[0]['user_menu_assets'];
                        $_SESSION['suser_menu_assetclasses'] = $users[0]['user_menu_assetclasses'];
                        $_SESSION['suser_menu_assetclassgroups'] = $users[0]['user_menu_assetclassgroups'];
                        $_SESSION['suser_menu_locations'] = $users[0]['user_menu_locations'];
                        $_SESSION['suser_menu_nodes'] = $users[0]['user_menu_nodes'];
                        $_SESSION['suser_menu_subnets'] = $users[0]['user_menu_subnets'];
                        $_SESSION['suser_menu_users'] = $users[0]['user_menu_users'];
                        $_SESSION['suser_menu_vlans'] = $users[0]['user_menu_vlans'];
                        $_SESSION['suser_menu_zones'] = $users[0]['user_menu_zones'];
                        $_SESSION['suser_tooltips'] = $users[0]['user_tooltips'];
                    } else {
                        return FALSE;
                    }
                } else {
                    return FALSE;
                }
            // no errors found, return
            return TRUE;
        }
        function user_logout() {
            // clear and destroy session
            $_SESSION = array();
        }
    }
 ?>
--- a/location.php
+++ b/location.php
@ -9,17 +9,146 @@ SPDX-License-Identifier: GPL-3.0-or-later
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // look for parents
 // function to look for parents and create a new array for every child
 function location($parents, $parent = 0) {
 	// loop array to check
 	foreach($parents[$parent] as $child) {
 		if(isset($parents[$child])) {
 			// element has children
 			$children[$child] = location($parents, $child);
 		} else {
 			// no children, set NULL
 			$children[$child] = NULL;
 		}
 	}
 	// and again...
 	return $children;
 }
 // recursive children check to template
 function checkchildren($locations, $level) {
 	global $location_options;
 	global $location_names;
 	global $location_parent;
 	foreach ($locations as $parent=>$child) {
 		$row = str_repeat("-&nbsp;&nbsp;", $level) . $location_names[$parent];
 		$location_options[$parent] = $row;
 		if (isset($child)) {
 			checkchildren($child, $level+1);
 		}
 	}
 }
 // ========== ADDITIONAL ACTION DEFINITIONS ===================================
 define ('ACT_SUBNET_EDIT', 100);
 define ('ACT_SUBNET_ADD', 101);
 define ('ACT_SUBNET_DEL', 102);
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'link':  $action = ACT_SUBNET_EDIT; break;
    case 'exec-link':
        if ($_POST['action'] == 'locationsubnetadd') {
            $action = ACT_SUBNET_ADD;
        } elseif ($_POST['action'] == 'locationsubnetdel') {
            $action = ACT_SUBNET_DEL;
        } else {
            $g_warning->Add('invalid action!'. $_POST['action']);
        }
        break;
    case 'insert':
        $name = sanitize($_POST['location_name']);
        $parent = sanitize($_POST['location_parent']);
        $info = sanitize($_POST['location_info']);
        $sql = "INSERT INTO location (
                    location_name, location_parent, location_info
                )
                VALUE (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$name, $parent, $info]);
        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break;
    case 'update':
        $location_name = sanitize($_POST['location_name']);
        $location_info = sanitize($_POST['location_info']);
        $parentlocation_id = sanitize($_POST['parentlocation_id']);
        $sql = "UPDATE location SET
                    location_name=?, location_parent=?, location_info=?
                WHERE location_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$location_name, $parentlocation_id, $location_info, $id]);
        $action = ACT_VIEW;
        break;
    case 'subnetlink':
        $subnet_id = sanitize($_POST['subnet_id']);
        $sql = "INSERT INTO subnetlocation (location_id, subnet_id) VALUE (?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$id, $subnet_id]);
        $action = ACT_VIEW;
        break;
    case 'subnetunlink':
        $subnet_id = sanitize($_POST['subnet_id']);
        $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
        $sth->execute([$id, $subnet_id]);
        $g_message->Add('Link removed');
        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=?");
        $sth->execute([$id]);
        $n = $sth->rowCount();
        if ($n > 0) {
            $g_message->Add("$n Subnetzzuordnungen wurden entfernt.");
        }
        $sth = $dbh->prepare("DELETE FROM location WHERE location_id=?");
        $g_message->Add("Standort wurde gelöscht.");
        $sth->execute([$id]);
        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
-$query = "SELECT
+if ($action == ACT_DEFAULT):
-	location_id AS id,
+// ========== VARIANT: default behavior =======================================
 	location_name AS value,
 	location_parent AS parent_id
 FROM
 	location
 ORDER BY location_parent, location_sort, location_name";
-$locations = $db->db_select($query);
+$sql = "SELECT location_id AS id, location_name AS value, location_parent AS parent_id,
            CONCAT(LEFT(location_info,40), IF(CHAR_LENGTH(location_info)>40,'...','')) AS info
        FROM location
        ORDER BY location_parent, location_sort, location_name";
 $sth = $dbh->query($sql);
 $locations = $sth->fetchAll();
 $smarty->assign('location_count', count($locations));
 // function for recursion
 function build_tree($parent_id, $level) {
@ -30,7 +159,7 @@ function build_tree($parent_id, $level) {
            unset($location['parent_id']);
            $location['children'] = build_tree($location['id'], $level+1);
            $location['level'] = $level;
-            $location['href'] = 'locationview.php?location_id=' . $location['id'];
+            $location['href'] = 'location.php?f=view&id=' . $location['id'];
            $children[] = $location;
        }
    }
@ -42,5 +171,204 @@ $smarty->assign("locations", $tree);
 $smarty->display("location.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 $sql = "SELECT location_id AS id, location_name AS name,
            location_parent AS parent, location_sort AS sort
        FROM location
        ORDER BY location_parent, location_sort, location_name";
 $sth = $dbh->query($sql);
 $locations = $sth->fetchAll();
 if (count($locations) > 0) {
    foreach ($locations AS $location) {
        $location_names[$location['id']] = $location['name'];
        $parents[$location['parent']][] = $location['id'];
    }
 }
 $tree = location($parents);
 // create tree option list
 $location_options = array(0 => '-');
 checkchildren($tree, 0);
 $smarty->assign("location_options", $location_options);
 $location_parent = sanitize($_GET['parent']);
 $smarty->assign("location_parent", $location_parent);
 $smarty->display("locationadd.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 // base location
 $sql = "SELECT location_id AS id, location_name AS name,
            location_parent AS parent_id, location_info AS info,
            CONCAT('location.php?f=view&id=', location_id) AS url
 	    FROM location
 	    WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $location = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("location", $location);
 // crumbs
 $crumbs[] = $location;
 $sql = "SELECT location_id AS id, location_name AS name,
            location_parent AS parent_id,
            CONCAT('location.php?f=view&id=', location_id) AS url
 	    FROM location
 	    WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 while ($crumbs[0]->parent_id != 0) {
 	$sth->execute([$crumbs[0]->parent_id]);
 	$result = $sth->fetch(PDO::FETCH_OBJ);
 	array_unshift($crumbs, $result);
 }
 $smarty->assign("crumbs", $crumbs);
 // sublocations		
 $sql = "SELECT location_id AS sublocation_id, location_name AS sublocation_name,
            LEFT(location_info, 40) AS info_short,
            CHAR_LENGTH(location_info) AS info_length
        FROM location
        WHERE location_parent=?
        ORDER BY location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("sublocations", $sth->fetchAll());
 // subnets
 $sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask
        FROM subnet AS s LEFT JOIN subnetlocation AS l USING (subnet_id)
 	    WHERE l.location_id=?
 	    ORDER BY INET_ATON(s.subnet_address)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnets", $sth->fetchAll());
 $smarty->display("locationview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 // TODO implement sorting with location_sort
 // location			
 $sql = "SELECT location_id AS id, location_name AS name, location_parent AS parent,
            location_info AS info, location_sort AS sort
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $location = $sth->fetch(PDO::FETCH_OBJ);
 $location_parent = $location->parent;
 $smarty->assign("location", $location);
 // parent location
 $sql = "SELECT location_id, location_name, location_parent
        FROM location
        WHERE location_id != ?
        ORDER BY location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $locations = $sth->fetchAll();
 $location_counter = count($locations);
 $smarty->assign("location_counter", $location_counter);
 // any locations?
 if ($location_counter>0) {
 	foreach($locations AS $location) {
 		$location_names[$location['location_id']] = $location['location_name'];
 		$parents[$location['location_parent']][] = $location['location_id'];
 	}
 }
 $tree = location($parents);
 $location_options = array(0 => '-');
 checkchildren($tree, 0);
 $smarty->assign("location_options", $location_options);
 $smarty->assign("location_parent", $location_parent);
 $smarty->display("locationedit.tpl");
 elseif ($action == ACT_SUBNET_EDIT):
 // ========== VARIANT: location to subnet =====================================
 $sql = "SELECT location_id AS id, location_name AS name
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("locationsubnetedit.tpl");
 elseif ($action == ACT_SUBNET_ADD):
 // ========== VARIANT: add location to subnet =================================
 $sql = "SELECT location_id AS id, location_name AS name
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 // TODO Filter für bereits zugeordnete Subnetze
 $smarty->assign("subnet_options", db_get_options_subnet());
 $smarty->display("locationsubnetadd.tpl");
 elseif ($action == ACT_SUBNET_DEL):
 // ========== VARIANT: del location to subnet =================================
 // location
 $sql = "SELECT location_id AS id, location_name AS name
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 // subnet
 $sql = "SELECT s.subnet_id, CONCAT_WS('/', s.subnet_address, s.subnet_mask)
        FROM subnetlocation AS l LEFT JOIN subnet AS s USING (subnet_id)
        WHERE l.location_id=?
        ORDER BY INET_ATON(s.subnet_address)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $options = array();
 foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
    $options[$rec[0]] = $rec[1];
 }
 $smarty->assign("subnet_options", $options);
 $smarty->display("locationsubnetdel.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $sql = "SELECT location_id AS id, location_name AS name FROM location WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("locationdel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/locationadd.php
+++ b/locationadd.php
@ -1,78 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_parent = sanitize($_GET['location_parent']);
 include("header.php");
 // *************   <option value="0">{$lang_option_none}</option>
 $query = "SELECT location_id, location_name, location_parent, location_sort
 	FROM location
 	ORDER BY location_parent, location_sort, location_name";
 $locations = $db->db_select($query);
 $location_counter = count($locations);
 if ($location_counter>0) {
 	// get objects
 	foreach ($locations AS $location) {
 		// create arrays
 		$location_names[$location['location_id']] = $location['location_name'];
 		$parents[$location['location_parent']][] = $location['location_id'];
 	}
 }
 // look for parents
 // function to look for parents and create a new array for every child
 function location($parents, $parent = 0) {
 	// loop array to check
 	foreach ($parents[$parent] as $child) {
 		if (isset($parents[$child])) {
 			// element has children
 			$children[$child] = location($parents, $child);
 		} else {
 			// no children, set NULL
 			$children[$child] = NULL;
 		}
 	}
 	// and again...
 	return $children;
 }
 // recursive children check to template
 function checkchildren($locations, $level) {
 	global $location_options;
 	global $location_names;
 	global $location_parent;
 	foreach ($locations as $parent=>$child) {
 		$row = str_repeat("-&nbsp;&nbsp;", $level) . $location_names[$parent];
 		$location_options[$parent] = $row;
 		if (isset($child)) {
 			checkchildren($child, $level+1);
 		}
 	}
 }
 $tree = location($parents);
 $location_options = array(0 => '-');
 checkchildren($tree, 0);
 $smarty->assign("location_options", $location_options);
 $smarty->assign("location_parent", $location_parent);
 $smarty->display("locationadd.tpl");
 include("footer.php");
 ?>
--- a/locationdel.php
+++ b/locationdel.php
@ -1,31 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 $query = "SELECT
 	location_name
 FROM
 	location
 WHERE
 	location_id=" . $location_id;
 $location = $db->db_select($query);
 $smarty->assign("location_id", $location_id);
 $smarty->assign("location_name", $location[0]['location_name']);
 $smarty->display("locationdel.tpl");
 include("footer.php");
 ?>
--- a/locationedit.php
+++ b/locationedit.php
@ -1,104 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 // location			
 $query = "SELECT
 	location_name,
 	location_parent,
 	location_info,
 	location_sort
 FROM
 	location
 WHERE
 	location_id=" . $location_id;
 $location = $db->db_select($query);
 $location_parent = $location[0]['location_parent'];
 $smarty->assign("location_id", $location_id);
 $smarty->assign("location_name", $location[0]['location_name']);
 $smarty->assign("location_info", $location[0]['location_info']);
 $smarty->assign("location_sort", $location[0]['location_sort']);
 // parent location
 $query = "SELECT
 	location_id,
 	location_name,
 	location_parent
 FROM
 	location
 WHERE
 	location_id != " . $location_id . "
 ORDER BY
 	location_name";
 $locations = $db->db_select($query);
 $location_counter = count($locations);
 $smarty->assign("location_counter", $location_counter);
 // any loactions?
 if ($location_counter>0) {
 	foreach($locations AS $location) {
 		$location_names[$location['location_id']] = $location['location_name'];
 		$parents[$location['location_parent']][] = $location['location_id'];
 	}
 }
 // look for parents
 // function to look for parents and create a new array for every child
 function location($parents, $parent = 0) {
 	// loop array to check
 	foreach($parents[$parent] as $child) {
 		if(isset($parents[$child])) {
 			// element has children
 			$children[$child] = location($parents, $child);
 		} else {
 			// no children, set NULL
 			$children[$child] = NULL;
 		}
 	}
 	// and again...
 	return $children;
 }
 // recursive children check to template
 function checkchildren($locations, $level) {
 	global $location_options;
 	global $location_names;
 	global $location_parent;
 	foreach ($locations as $parent=>$child) {
 		$row = str_repeat("-&nbsp;&nbsp;", $level) . $location_names[$parent];
 		$location_options[$parent] = $row;
 		if(isset($child)) {
 			checkchildren($child, $level+1);
 		}
 	}
 }
 $tree = location($parents);
 $location_options = array(0 => '-');
 checkchildren($tree, 0);
 $smarty->assign("location_options", $location_options);
 $smarty->assign("location_parent", $location_parent);
 $smarty->display("locationedit.tpl");
 include("footer.php");
 ?>
--- a/locationsubnetadd.php
+++ b/locationsubnetadd.php
@ -1,31 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 $query = "SELECT
 		location_name
 	FROM
 		location
 	WHERE
 		location_id=" . $location_id;
 $location = $db->db_select($query);
 $smarty->assign("location_id", $location_id);
 $smarty->assign("location_name", $location[0]['location_name']);
 $smarty->assign("subnet_options", $db->options_subnet());
 $smarty->display("locationsubnetadd.tpl");
 include("footer.php");
 ?>
--- a/locationsubnetdel.php
+++ b/locationsubnetdel.php
@ -1,47 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 // location		
 $query = "SELECT
 	location_name
 FROM
 	location
 WHERE
 	location_id=" . $location_id;
 $location = $db->db_select($query);
 $smarty->assign("location_id", $location_id);
 $smarty->assign("location_name", $location[0]['location_name']);
 // subnet
 $query = "SELECT
 		s.subnet_id,
 		s.subnet_address,
 		s.subnet_mask
 	FROM
 		subnetlocation AS l LEFT JOIN subnet AS s USING (subnet_id)
 	WHERE
 		l.location_id="  . $location_id . "
 	ORDER BY
 		INET_ATON(s.subnet_address)";
 $subnets = $db->db_select($query);
 $smarty->assign($subnets);
 $smarty->display("locationsubnetdel.tpl");
 include("footer.php");
 ?>
--- a/locationsubnetedit.php
+++ b/locationsubnetedit.php
@ -1,31 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 // location
 $query = "SELECT
 		location_name
 	FROM
 		location
 	WHERE
 		location_id=" . $location_id;
 $location = $db->db_select($query);
 $smarty->assign("location_id", $location_id);
 $smarty->assign("location_name", $location[0]['location_name']);
 $smarty->display("locationsubnetedit.tpl");
 include("footer.php");
 ?>
--- a/locationview.php
+++ b/locationview.php
@ -1,80 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 // locationcrumb
 $query = "SELECT location_id AS id,
 	    location_name AS name,
 	    location_parent AS parent_id,
 	    location_info
 	FROM location
 	WHERE location_id=" . $location_id;
 $location = $db->db_select($query);
 $location[0]['url'] = 'locationview.php?location_id=' . $location[0]['id'];
 $crumbs[] = $location[0];
 $level = 1;
 while ($crumbs[0]['parent_id'] != 0) {
 	$query = "SELECT location_id AS id, 
 		location_name AS name,
 		location_parent AS parent_id
 	    FROM location
 	    WHERE location_id=" . $crumbs[0]['parent_id'];
 	$result = $db->db_select($query);
 	$result[0]['url'] = 'locationview.php?location_id=' . $result[0]['id'];
 	array_unshift($crumbs, $result[0]);
 	$level++;
 }
 $smarty->assign("location_id", $location_id);
 $smarty->assign("location_info", nl2br($location[0]['location_info']));
 $smarty->assign("crumbs", $crumbs);
 // sublocations		
 $query = "SELECT
 		location_id AS sublocation_id,
 		location_name AS sublocation_name,
 		LEFT(location_info, 40) AS info_short,
 		CHAR_LENGTH(location_info) AS info_length
 	FROM
 		location
 	WHERE
 		location_parent=" . $location_id . "
 	ORDER BY
 		location_name";
 $sublocations = $db->db_select($query);
 $smarty->assign("sublocations", $sublocations);
 // subnets
 $query = "SELECT
 		s.subnet_id,
 		s.subnet_address,
 		s.subnet_mask
 	FROM
 		subnet AS s LEFT JOIN subnetlocation USING (subnet_id)
 	WHERE
 		subnetlocation.location_id=" . $location_id . "
 	ORDER BY
 		INET_ATON(s.subnet_address)";
 $subnets = $db->db_select($query);
 $smarty->assign("subnets", $subnets);
 $smarty->display("locationview.tpl");
 include("footer.php");
 ?>
--- a/login.php
+++ b/login.php
@ -7,41 +7,165 @@ Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
-session_name('ipreg');
+if (! include("config.php")) {
    echo "<!DOCTYPE html><html><head><title>IP Reg</title></head><body>\n";
    echo "<h1>IP Reg</h1><h2>No configuration</h2>\n";
    echo '<p>Error loading configuration.';
    echo 'Please <a href="install">check your installation</a>.', "</p>\n";
    echo "</body></html>\n";
    exit(1);
 }
 session_name($config_app_session);
 session_start();
-include("config.php");
+// connect to database
-include("dbconnect.php");
+$dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8", $config_mysql_username, $config_mysql_password);
 $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
-include("lib.php");
+include("lib.php"); // for smarty e.g.
-// include language file
+// ========== LOGIN FUNCTIONS =================================================
-$language = lang_getfrombrowser($config_lang, $config_lang_default, null, false);
+
 function check_ldap_bind($user_name, $user_pass) {
    global $config_ldap_host;
    global $config_ldap_port;
    global $config_ldap_base_dn;
    global $config_ldap_bind_dn;
    global $config_ldap_bind_pass;
    global $config_ldap_login_attr;
    $ldap_conn = NULL;
    foreach ($config_ldap_host as $server) {
        if ($ldap_conn = ldap_connect($server, $config_ldap_port)) {
            if ($res = ldap_bind($ldap_conn, $config_ldap_bind_dn, $config_ldap_bind_pass)) {
                ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
                ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
                $filter = "(&(objectClass=user)($config_ldap_login_attr=$user_name))";
                $res = ldap_search($ldap_conn, $config_ldap_base_dn, $filter, ['dn']);
                if ($res) {
                    $info = ldap_get_entries($ldap_conn, $res);
                    $user_dn = utf8_encode($info[0]['dn']);
                    $res = @ldap_bind($ldap_conn, $user_dn, $user_pass);
                    if ($res) {
                        return TRUE;
                    }
                }
            }
            return FALSE;
        }
    }
    return FALSE;
 }
 function user_login ($user_name, $user_pass) {
    global $dbh;
    if (strlen($user_name) < 1) {
        return FALSE;
    }
    if (strlen($user_pass) < 1) {
        return FALSE;
    }
    $sql = "SELECT user_id, user_pass, user_displayname, user_language,
                user_imagesize, user_imagecount, user_mac, user_dateformat,
                user_dns1suffix, user_dns2suffix, user_tooltips,
                user_menu, user_role, user_flags, user_realm
            FROM user
            WHERE user_name=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$user_name]);
    if (!$user = $sth->fetch(PDO::FETCH_OBJ)) {
        // no user record found
        return FALSE;
    }
    if ($user->user_realm == 'ldap') {
        // check LDAP auth
        if (! check_ldap_bind($user_name, $user_pass)) {
            return FALSE;
        }
        // TODO sync LDAP data to local
    } else {
        // compare local passwords
        if (strcmp(md5($user_pass), rtrim($user->user_pass)) != 0) {
            // password does not match with md5, check if new hash matches
            // For future expansion: $pwd_peppered = hash_hmac('sha256', $user_pass, $config_pepper);
            if (! password_verify($user_pass, $user->user_pass)) {
                return FALSE;
            }
        } else {
            // md5 match but outdated. rewrite with new algo
            $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
            $newhash = password_hash($user_pass, PASSWORD_BCRYPT);
            $sth->execute([$newhash, $user->user_id]);
        }
    }
    // all ok: user is logged in, register session data
    $_SESSION['suser_id'] = $user->user_id;
    $_SESSION['suser_realm'] = $user->user_realm;
    $_SESSION['suser_displayname'] = $user->user_displayname;
    $_SESSION['suser_language'] = $user->user_language;
    $_SESSION['suser_imagesize'] = $user->user_imagesize;
    $_SESSION['suser_imagecount'] = $user->user_imagecount;
    $_SESSION['suser_mac'] = $user->user_mac;
    $_SESSION['suser_dateformat'] = $user->user_dateformat;
    $_SESSION['suser_dns1suffix'] = $user->user_dns1suffix;
    $_SESSION['suser_dns2suffix'] = $user->user_dns2suffix;
    $_SESSION['suser_tooltips'] = $user->user_tooltips;
    $roles = explode(',', $user->user_role);
    if (in_array('admin', $roles)) {
        // admin means everything!
        $roles = ['add', 'edit', 'delete', 'manage', 'admin'];
        $_SESSION['suser_role_admin'] = true;
    }
    $_SESSION['suser_role_add'] = in_array('add', $roles);
    $_SESSION['suser_role_edit'] = in_array('edit', $roles);
    $_SESSION['suser_role_delete'] = in_array('delete', $roles);
    $_SESSION['suser_role_manage'] = in_array('manage', $roles);
    $menu = explode(',', $user->user_menu);
    $_SESSION['suser_menu_assets'] = in_array('asset', $menu);
    $_SESSION['suser_menu_assetclasses'] = in_array('class', $menu);
    $_SESSION['suser_menu_assetclassgroups'] = in_array('group', $menu);
    $_SESSION['suser_menu_cables'] = in_array('cable', $menu);
    $_SESSION['suser_menu_locations'] = in_array('location', $menu);
    $_SESSION['suser_menu_nodes'] = in_array('node', $menu);
    $_SESSION['suser_menu_nats'] = in_array('nat', $menu);
    $_SESSION['suser_menu_subnets'] = in_array('subnet', $menu);
    $_SESSION['suser_menu_vlans'] = in_array('vlan', $menu);
    $_SESSION['suser_menu_zones'] = in_array('zone', $menu);
    return TRUE;
 }
 // No header included, this page has no menu
 // ========== LOGIN: HERE BE DRAGONS ==========================================
 $language = lang_getfrombrowser($config_lang, $config_lang_default);
 include('lang/' . $language . '.php');
-// check for submit
+if ($_SERVER['REQUEST_METHOD'] == "POST" ) {
 if ($_SERVER['REQUEST_METHOD']=="POST" ) {
 	/// get post info
 	$user_name = sanitize($_POST['user_name']);
 	$user_pass = sanitize($_POST['user_pass']);
-	// login
+    $user_name = sanitize($_POST['user_name']);
-	$login = $user->user_login($user_name, $user_pass);
+    $user_pass = sanitize($_POST['user_pass']);
-	if($login==TRUE) {
+    if (user_login($user_name, $user_pass) == TRUE) {
-		// redirect
+        header_location($_SESSION['prelogin'] ?? 'index.php');
-		header_location("index.php");
+    } else {
-	} else {
+        $_SESSION = array();
-		// not ok, break session
+        session_destroy();
-		$_SESSION = array();
+    }
 		session_destroy();
 	}
 }
 $smarty->assign("config_version", $config_version);
 $smarty->assign($lang);
 $smarty->display("login.tpl");
-include("footer.php");
+$smarty->display('footer.tpl');
 ?>
--- a/logout.php
+++ b/logout.php
@ -14,4 +14,3 @@ $_SESSION = array();
 // redirect to start page
 header("Location: index.php");
 ?> 
--- a/nat.php
+++ b/nat.php
@ -0,0 +1,202 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'exec-edit':
        if ($_POST['action'] == 'natadd') {
            $action = ACT_ADD;
        } elseif ($_POST['action'] == 'natdel') {
            $action = ACT_DELETE;
        } else {
            $g_warning->Add('Invalid action: '. $_POST['action']);
        }
        break;
    case 'insert':
        $node_id_ext = sanitize($_POST['node_id_ext']);
        $node_id_int = sanitize($_POST['node_id_int']);
        $nat_type = sanitize($_POST['nat_type']);
        $sql = "INSERT INTO nat (nat_ext, nat_int, nat_type)
                VALUE (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$node_id_ext, $node_id_int, $nat_type]);
        header_location("node.php?f=view&id=$node_id_ext");
        break;
    case 'delete':
        $node_id_ext = sanitize($_POST['node_id_ext']);
        $sth = $dbh->prepare("DELETE FROM nat WHERE nat_id=?");
        try {
            $sth->execute([$id]);
        } catch (PDOException $e) {
            $g_warning->Add($e->getMessage());
        }
        // TODO
        // header_location("node.php?f=view&id=" . $node_id_ext);
        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
 if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 $sql = "SELECT n.nat_id AS id, n.nat_type, n.nat_ext, n.nat_int,
            n.nat_ext_port AS port_ext, n.nat_int_port AS port_int,
            n.nat_description AS description,
            n1.node_ip AS node_ip_int, n2.node_ip AS node_ip_ext
 	FROM nat AS n
 	    LEFT JOIN node AS n1 ON (n.nat_int=n1.node_id)
 	    LEFT JOIN node AS n2 ON (n.nat_ext=n2.node_id)
 	ORDER BY INET_ATON(nat_ext)";
 $sth = $dbh->query($sql);
 $smarty->assign("nats", $sth->fetchAll());
 $smarty->display("nat.tpl");
 elseif ($action == ACT_ADD):
 // ========== VARIANT: add record =============================================
 $node_id = sanitize($_REQUEST['node_id']);
 // node_ext
 $sql = "SELECT node_ip AS node_ip_ext
        FROM node
        WHERE node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $node = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("node_id_ext", $node_id);
 $smarty->assign("node_ip_ext", $node->node_ip_ext);
 // node_int
 $sql = "SELECT
 		a.asset_name,
 		n.node_id AS node_id_int,
 		n.node_ip AS node_ip_int
 	FROM
 		asset AS a LEFT JOIN node AS n USING (asset_id)
 	WHERE
 		n.node_id NOT IN (
 			SELECT
 				nat_int
 			FROM
 				nat
 			WHERE
 				nat_ext=?
 		)
 		AND n.node_id!=?
 	ORDER BY
 		INET_ATON(n.node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id, $node_id]);
 $nodes = $sth->fetchAll();
 foreach ($nodes as $rec) {
     $node_options[$rec['node_id_int']] = $rec['node_ip_int'] . '/' . $rec['asset_name'];
 }
 $smarty->assign("node_options", $node_options);
 $nat_type_options[1] = $lang['lang_nat_type_1'];
 $nat_type_options[2] = $lang['lang_nat_type_2'];
 $nat_type_options[3] = $lang['lang_nat_type_3'];
 $smarty->assign("nat_type_options", $nat_type_options);
 $smarty->display("natadd.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 $sql = "SELECT nat_id AS id, nat_type AS type, nat_ext, nat_int FROM nat WHERE nat_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("nat", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("natview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $node_id = sanitize($_GET['node_id']);
 $sql = "SELECT node_id AS id, node_ip AS ip FROM node WHERE node.node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("natedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $node_id = sanitize($_REQUEST['node_id']);
 // node_ext
 $sth = $dbh->prepare("SELECT node_id AS id_ext, node_ip AS ip_ext FROM node WHERE node_id=?");
 $sth->execute([$node_id]);
 $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 // options
 $sql = "SELECT x.nat_id, n.node_ip, a.asset_name
 	FROM nat AS x
 	    LEFT JOIN node AS n ON (x.nat_int=n.node_id)
 	    LEFT JOIN asset AS a USING (asset_id) 
 	WHERE x.nat_ext=?
 	ORDER BY INET_ATON(n.node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $nats = $sth->fetchAll();
 $options = array();
 foreach ($nats as $rec) {
    $options[$rec['nat_id']] = $rec['node_ip'] . '/' . $rec['asset_name'];
 }
 $smarty->assign("nat_options", $options);
 $smarty->display("natdel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/natadd.php
+++ b/natadd.php
@ -1,63 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_id = sanitize($_GET['node_id']);
 include("header.php");
 // node_ext
 $query = "SELECT
 		node_ip AS node_ip_ext
 	FROM
 		node
 	WHERE
 		node_id=" . $node_id;
 $node = $db->db_select($query);
 $smarty->assign("node_id_ext", $node_id);
 $smarty->assign("node_ip_ext", $node[0]['node_ip_ext']);
 // node_int
 $query = "SELECT
 		a.asset_name,
 		n.node_id AS node_id_int,
 		n.node_ip AS node_ip_int
 	FROM
 		asset AS a LEFT JOIN node AS n USING (asset_id)
 	WHERE
 		n.node_id NOT IN (
 			SELECT
 				nat_int
 			FROM
 				nat
 			WHERE
 				nat_ext=" . $node_id . "
 		)
 		AND n.node_id!=" . $node_id . "
 	ORDER BY
 		INET_ATON(n.node_ip)";
 $nodes = $db->db_select($query);
 foreach ($nodes as $rec) {
     $node_options[$rec['node_id_int']] = $rec['node_ip_int'] . '/' . $rec['asset_name'];
 }
 $smarty->assign("node_options", $node_options);
 $nat_type_options[1] = $lang['lang_nat_type_1'];
 $nat_type_options[2] = $lang['lang_nat_type_2'];
 $nat_type_options[3] = $lang['lang_nat_type_3'];
 $smarty->assign("nat_type_options", $nat_type_options);
 $smarty->display("natadd.tpl");
 include("footer.php");
 ?>
--- a/natdel.php
+++ b/natdel.php
@ -1,55 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_id = sanitize($_GET['node_id']);
 include("header.php");
 // node_ext
 $query = "SELECT
 		node_ip AS node_ip_ext
 	FROM
 		node
 	WHERE
 		node_id=" . $node_id;
 $node = $db->db_select($query);
 $smarty->assign("node_id_ext", $node_id);
 $smarty->assign("node_ip_ext", $node[0]['node_ip_ext']);
 // options
 $query = "SELECT
 		a.asset_name,
 		n.node_ip,
 		x.nat_ext
 	FROM
 		asset AS a,
 		nat AS x,
 		node AS n
 	WHERE
 		x.nat_ext="  . $node_id . "
 		AND n.node_id=x.nat_int
 		AND a.asset_id=n.asset_id
 	ORDER BY
 		INET_ATON(n.node_ip)";
 $nodes = $db->db_select($query);
 $options = array();
 foreach ($nodes as $rec) {
    $options[$rec['nat_ext']] = $rec['node_ip'] . '/' . $rec['asset_name'];
 }
 $smarty->assign("nat_options", $options);
 $smarty->display("natdel.tpl");
 include("footer.php");
 ?>
--- a/natedit.php
+++ b/natedit.php
@ -1,31 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_id = sanitize($_GET['node_id']);
 include("header.php");
 $query = "SELECT
 	node_ip
 FROM
 	node
 WHERE
 	node.node_id=" . $node_id;
 $node = $db->db_select($query);
 $smarty->assign("node_id", $node_id);
 $smarty->assign("node_ip", $node[0]['node_ip']);
 $smarty->display("natedit.tpl");
 include("footer.php");
 ?>
--- a/node.php
+++ b/node.php
@ -8,33 +8,305 @@ SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'link':  $action = ACT_LINK; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'insert':
        // node with asset or link node to asset
        $asset_name = sanitize($_POST['asset_name']);
        $asset_hostname = sanitize($_POST['asset_hostname']);
        $assetclass_id = sanitize($_POST['assetclass_id']);
        $ip = sanitize($_POST['node_ip']);
        $mac = strip_mac(sanitize($_POST['node_mac']));
        if ((!empty($_POST['node_dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $dns1 = sanitize($_POST['node_dns1']));
        if ((!empty($_POST['node_dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $dns2 = sanitize($_POST['node_dns2']));
        $node_info = sanitize($_POST['node_info']);
        $subnet_id = $_POST['subnet_id'];
        $sql = "INSERT INTO asset (asset_name, asset_hostname, assetclass_id)
                   VALUE (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$asset_name, $asset_hostname, $assetclass_id]);
        $asset_id = $dbh->lastInsertId();
        $sql = "INSERT INTO node (
                    node_ip, node_mac, node_dns1, node_dns2, node_info,
                    subnet_id, asset_id
                )
                VALUES (?, ?, ?, ?, ?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$ip, $mac, $dns1, $dns2, $node_info, $subnet_id, $asset_id]);
        $action = ACT_VIEW;
        break;
    case 'exec-link':
        $node_ip = sanitize($_POST['node_ip']);
        $subnet_id = sanitize($_POST['subnet_id']);
        $asset_id = sanitize($_POST['asset_id']);
        $node_mac = strip_mac(sanitize($_POST['node_mac']));
        if ((!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix'])) ? $node_dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $node_dns1 = sanitize($_POST['node_dns1']));
        if ((!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) ? $node_dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $node_dns2 = sanitize($_POST['node_dns2']));
        $node_info = $_POST['node_info'];
        $sql = "INSERT INTO node (
                    node_ip, node_mac, node_dns1, node_dns2, node_info,
                    subnet_id, asset_id
                ) 
                VALUES (?, ?, ?, ?, ?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$node_ip, $node_mac, $node_dns1, $node_dns2, $node_info,
                       $subnet_id, $asset_id]);
        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break; 
    case 'update':
        $asset_id = sanitize($_POST['asset_id']);
        $node_ip = sanitize($_POST['node_ip']);
        $subnet_id = sanitize($_POST['subnet_id']);
        $node_mac = strip_mac(sanitize($_POST['node_mac']));
        $node_dns1 = sanitize($_POST['node_dns1']);
        $node_dns2 = sanitize($_POST['node_dns2']);
        $node_info = sanitize($_POST['node_info']);
        $zone_id = sanitize($_POST['zone_id']);
        $flag_deleted = isset($_POST['flag_deleted']) or false;
        $flag_reserved = isset($_POST['flag_reserved']) or false;
        // construct flags
        $flags = array();
        if ($flag_deleted) $flags[] = 'deleted';
        if ($flag_reserved) $flags[] = 'reserved';
        $flags = empty($flags) ? NULL : implode(',', $flags);
        $sql = "UPDATE node SET
                    asset_id=?, node_ip=?, subnet_id=?, node_mac=?,
                    node_dns1=?, node_dns2=?, node_info=?, zone_id=?,
                    node_flags=?
                WHERE node_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$asset_id, $node_ip, $subnet_id, $node_mac, 
                       $node_dns1, $node_dns2, $node_info, $zone_id,
                       $flags,
                       $id]);
        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("SELECT node_ip FROM node WHERE node_id=?");
        $sth->execute([$id]);
        $node_ip = $sth->fetchColumn();
        $sth = $dbh->prepare("DELETE FROM node WHERE node_id=?");
        $sth->execute([$id]);
        $action = ACT_DEFAULT;
        $g_message->Add(sprintf(_('Node %s deleted'), $node_ip));
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
 if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 // filter preparation
 $p = array();
 $w = array();
 if(isset($_GET['subnet_id'])) {
    $subnet_id = sanitize($_GET['subnet_id']);
-    $subnet_view = "WHERE node.subnet_id=" . $subnet_id;
+    $w[] = "n.subnet_id=?";
    $p[] = $subnet_id;
    $smarty->assign("subnet_id", $subnet_id);
    // get subnet details for title
    $sql = "SELECT CONCAT_WS('/',subnet_address,subnet_mask) AS subnet
            FROM subnet
            WHERE subnet_id=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$subnet_id]);
    $smarty->assign("subnet", $sth->fetchColumn());
 } else {
-    $smarty->assign("subnet_id", "");
+    $smarty->assign("subnet_id", '');
 }
-$query = "SELECT
+// deleted records only for admin or manager
-        asset.asset_id,
+if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] == 0)) {
-        REPLACE(asset.asset_name, ' ', '&nbsp;') AS asset_name,
+    $w[] = "((n.node_flags IS NULL) OR (n.node_flags & 0x1 = 0))";
-        asset.asset_info,
+}
-        node.node_id,
+
-        node.node_ip
+// create sql with optional filter
-    FROM
+$where = join(' AND ', $w);
-        asset LEFT JOIN node USING (asset_id)
+
-    " . $subnet_view . "
+$sql = "SELECT a.asset_id,
-    GROUP BY
+            CONCAT(LEFT(a.asset_info,30), IF(CHAR_LENGTH(a.asset_info)>30,'...','')) AS asset_info,
-        node.node_id
+            REPLACE(a.asset_name, ' ', '&nbsp;') AS asset_name,
-    ORDER BY
+            n.node_id, n.node_ip, (n.node_flags & 0x1)=1 AS deleted,
-        INET_ATON(node.node_ip)";
+            CONCAT(LEFT(n.node_info,30), IF(CHAR_LENGTH(n.node_info)>30,'...','')) AS node_info,
            c.assetclass_id, c.assetclass_name
        FROM node AS n LEFT JOIN asset AS a USING (asset_id)
            LEFT JOIN assetclass AS c USING (assetclass_id)";
 if ($where) {
    $sql .= ' WHERE ' . $where . ' ';
 }
 $sql .= "GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute($p);
 $smarty->assign("nodes", $sth->fetchAll());
 $nodes = $db->db_select($query);
 $smarty->assign("nodes", $nodes);
 $smarty->display("node.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 // add node and asset
 if ((isset($_GET['node_ip'])) ? $node_ip = sanitize($_GET['node_ip']) : $node_ip = '');
 if ((isset($_GET['subnet_id'])) ?  $subnet_id = sanitize($_GET['subnet_id']) : $subnet_id = '');
 $smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
 $smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
 $smarty->assign("node_ip", $node_ip);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_options", db_get_options_subnet());
 $smarty->assign("assetclass_options", db_get_options_assetclass());
 $smarty->display("nodeadd.tpl");
 elseif ($action == ACT_LINK):
 // ========== VARIANT: add node with existing asset ===========================
 // addnodetoasset
 // same as node add but with existing object
 $asset_id = sanitize($_REQUEST['asset_id']);
 $node_ip = sanitize($_REQUEST['node_ip']);
 $subnet_id = sanitize($_REQUEST['subnet_id']);
 $smarty->assign("node_ip", $node_ip);
 $smarty->assign("asset_id", $asset_id);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("asset_options", db_get_options_asset());
 $smarty->assign("subnet_options",  db_get_options_subnet());
 $smarty->display("assignnodetoasset.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 // node
 $sql = "SELECT n.node_id AS id, n.node_ip AS ip, n.node_mac AS mac,
            n.node_dns1 AS dns1, n.node_dns2 AS dns2, n.node_info AS info,
            n.node_type AS type, n.node_flags AS flags, 
            (n.node_flags & 0x1)=1 AS deleted, (n.node_flags & 0x2)=2 AS reserved,
            a.asset_id, a.asset_name,
            c.assetclass_id, c.assetclass_name,
            s.subnet_id, s.subnet_address, s.subnet_mask,
            z.zone_origin
        FROM node AS n LEFT JOIN asset AS a USING (asset_id)
            LEFT JOIN assetclass AS c USING (assetclass_id)
            LEFT JOIN subnet AS s USING (subnet_id)
            LEFT JOIN zone AS z USING (zone_id)
        WHERE n.node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $node = $sth->fetch(PDO::FETCH_OBJ);
 $node->mac = write_mac($node->mac, $_SESSION['suser_mac']);
 $smarty->assign("node", $node);
 // nat
 $sql = "SELECT
            asset_ext.asset_id AS asset_id_ext,
            asset_int.asset_id AS asset_id_int,
            asset_ext.asset_name AS asset_name_ext,
            asset_int.asset_name AS asset_name_int,
            nat.nat_id AS nat_id,
            nat.nat_type AS nat_type,
            nat.nat_ext AS nat_ext,
            nat.nat_int AS nat_int,
            node_ext.node_ip AS node_ip_ext,
            node_int.node_ip AS node_ip_int,
            node_int.node_id AS node_id_int,
            node_ext.node_id AS node_id_ext
        FROM
            asset AS asset_ext,
            asset AS asset_int,
            nat,
            node AS node_ext,
            node AS node_int
        WHERE
            (nat.nat_ext=:node_id OR nat.nat_int=:node_id)
            AND node_ext.node_id=nat.nat_ext
            AND node_int.node_id=nat.nat_int
            AND asset_ext.asset_id=node_ext.asset_id
            AND asset_int.asset_id=node_int.asset_id
        ORDER BY
            INET_ATON(node_ext.node_ip),
            INET_ATON(node_int.node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute(['node_id' => $id]);
 $smarty->assign("natrules", $sth->fetchAll());
 $smarty->display("nodeview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT node_id AS id, node_ip AS ip, node_mac AS mac,
            node_dns1 AS dns1, node_dns2 AS dns2, node_info AS info,
            zone_id, asset_id, subnet_id, node_flags AS flags
 	FROM node
 	WHERE node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $node = $sth->fetch(PDO::FETCH_OBJ);
 $node->mac = write_mac($node->mac, $_SESSION['suser_mac']);
 $node->flags = explode(',', $node->flags);
 $smarty->assign("node", $node);
 $smarty->assign("asset_options", db_get_options_asset());
 $smarty->assign("subnet_options", db_get_options_subnet());
 $smarty->assign("zone_options", db_get_options_zone('(keine)'));
 $smarty->display("nodeedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $sql = "SELECT node_id AS id, node_ip AS ip, asset_id FROM node WHERE node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("nodedel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/nodeadd.php
+++ b/nodeadd.php
@ -1,26 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if ((isset($_GET['node_ip'])) ? $node_ip = sanitize($_GET['node_ip']) : $node_ip = '');
 if ((isset($_GET['subnet_id'])) ?  $subnet_id = sanitize($_GET['subnet_id']) : $subnet_id = '');
 include("header.php");
 $smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
 $smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
 $smarty->assign("node_ip", $node_ip);
 $smarty->assign("subnet_options", $db->options_subnet());
 $smarty->assign("assetclass_options", $db->options_assetclass());
 $smarty->display("nodeadd.tpl");
 include("footer.php");
 ?>
--- a/nodedel.php
+++ b/nodedel.php
@ -1,35 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_id = sanitize($_GET['node_id']);
 include("header.php");
 $query = "SELECT
 		asset_id,
 		node_ip
 	FROM
 		node
 	WHERE
 		node_id=" . $node_id;
 // run query
 $node = $db->db_select($query);
 // send to tpl
 $smarty->assign("node_id", $node_id);
 $smarty->assign("asset_id", $node[0]['asset_id']);
 $smarty->assign("node_ip", $node[0]['node_ip']);
 $smarty->display("nodedel.tpl");
 include("footer.php");
 ?>
--- a/nodeedit.php
+++ b/nodeedit.php
@ -1,54 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_id = sanitize($_GET['node_id']);
 include("header.php");
 $query = "SELECT
 		a.asset_id,
 		n.node_id,
 		n.node_ip,
 		n.node_mac,
 		n.node_dns1,
 		n.node_dns2,
 		n.node_info,
 		s.subnet_id,
 		n.zone_id
 	FROM
 		asset AS a,
 		node AS n,
 		subnet AS s
 	WHERE
 		a.asset_id=n.asset_id
 		AND n.node_id=" . $node_id . "
 		AND s.subnet_id=n.subnet_id";
 $node = $db->db_select($query);
 $smarty->assign("node_id", $node[0]['node_id']);
 $smarty->assign("node_ip", $node[0]['node_ip']);
 $smarty->assign("node_mac", write_mac($node[0]['node_mac']));
 $smarty->assign("node_dns1", $node[0]['node_dns1']);
 $smarty->assign("node_dns2", $node[0]['node_dns2']);
 $smarty->assign("node_info", $node[0]['node_info']);
 $smarty->assign("asset_id", $node[0]['asset_id']);
 $smarty->assign("subnet_id", $node[0]['subnet_id']);
 $smarty->assign("zone_id", $node[0]['zone_id']);
 $smarty->assign("asset_options", $db->options_asset());
 $smarty->assign("subnet_options", $db->options_subnet());
 $smarty->assign("zone_options", $db->options_zone("(keine)"));
 $smarty->display("nodeedit.tpl");
 include("footer.php");
 ?>
--- a/nodeview.php
+++ b/nodeview.php
@ -1,85 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if (isset($_GET['node_id']) && (!empty($_GET['node_id']))) {
    $node_id = sanitize($_GET['node_id']);
 } else {
    // redirect to error page
    header_location("comments.php?comments=error");
    exit;
 }
 include("header.php");
 // node
 $query = "SELECT
        asset.asset_id,
        asset.asset_name,
        node.node_id,
        node.node_ip,
        node.node_mac,
        node.node_dns1,
        node.node_dns2,
        node.node_info,
        node.node_type,
        subnet.subnet_id,
        subnet.subnet_address,
        subnet.subnet_mask,
        zone.zone_origin
    FROM
        node
        JOIN asset USING (asset_id)
        JOIN subnet USING (subnet_id)
        LEFT JOIN zone USING (zone_id)
    WHERE
        node.node_id=" . $node_id;
 $node = $db->db_select($query);
 $node[0]['node_mac'] = write_mac($node[0]['node_mac']);
 $smarty->assign("node", $node[0]);
 // nat
 $query = "SELECT
        asset_ext.asset_id AS asset_id_ext,
        asset_int.asset_id AS asset_id_int,
        asset_ext.asset_name AS asset_name_ext,
        asset_int.asset_name AS asset_name_int,
        nat.nat_id AS nat_id,
        nat.nat_type AS nat_type,
        nat.nat_ext AS nat_ext,
        nat.nat_int AS nat_int,
        node_ext.node_ip AS node_ip_ext,
        node_int.node_ip AS node_ip_int,
        node_int.node_id AS node_id_int,
        node_ext.node_id AS node_id_ext
    FROM
        asset AS asset_ext,
        asset AS asset_int,
        nat,
        node AS node_ext,
        node AS node_int
    WHERE
        (nat.nat_ext=" . $node_id . "
        OR nat.nat_int=" . $node_id . ")
        AND node_ext.node_id=nat.nat_ext
        AND node_int.node_id=nat.nat_int
        AND asset_ext.asset_id=node_ext.asset_id
        AND asset_int.asset_id=node_int.asset_id
    ORDER BY
        INET_ATON(node_ext.node_ip),
        INET_ATON(node_int.node_ip)";
 $natrules = $db->db_select($query);
 $smarty->assign("natrules", $natrules);
 $smarty->display("nodeview.tpl");
 include("footer.php");
 ?>
--- a/options.php
+++ b/options.php
@ -8,9 +8,243 @@ SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'edit': $action = ACT_EDIT; break;
    case 'pass': $action = ACT_PASSWORD; break;
    case 'update':
        $id = $_SESSION['suser_id'];
        $language = $_POST['user_language'];
        $imagesize = sanitize($_POST['user_imagesize']);
        $imagecount = sanitize($_POST['user_imagecount']);
        $mac = sanitize($_POST['user_mac']);
        $dateformat = sanitize($_POST['user_dateformat']);
        $dns1suffix = sanitize($_POST['user_dns1suffix']);
        $dns2suffix = sanitize($_POST['user_dns2suffix']);
        $tooltips = sanitize($_POST['user_tooltips']);
        $menu_assets = sanitize($_POST['user_menu_assets']);
        $menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
        $menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
        $menu_cables = sanitize($_POST['user_menu_cables']);
        $menu_locations = sanitize($_POST['user_menu_locations']);
        $menu_nodes = sanitize($_POST['user_menu_nodes']);
        $menu_nats = sanitize($_POST['user_menu_nats']);
        $menu_subnets = sanitize($_POST['user_menu_subnets']);
        $menu_vlans = sanitize($_POST['user_menu_vlans']);
        $menu_zones = sanitize($_POST['user_menu_zones']);
        // construct menu set
        $menu = array();
        if ($menu_assets) $menu[] = 'asset';
        if ($menu_assetclasses) $menu[] = 'class';
        if ($menu_assetclassgroups) $menu[] = 'group';
        if ($menu_cables) $menu[] = 'cable';
        if ($menu_locations) $menu[] = 'location';
        if ($menu_nodes) $menu[] = 'node';
        if ($menu_nats) $menu[] = 'nat';
        if ($menu_subnets) $menu[] = 'subnet';
        if ($menu_vlans) $menu[] = 'vlan';
        if ($menu_zones) $menu[] = 'zone';
        $menu = empty($menu) ? NULL : implode(',', $menu);
        $sql = "UPDATE user SET
                user_language=?, user_imagesize=?, user_imagecount=?,
                user_mac=?, user_dateformat=?, user_dns1suffix=?,
                user_dns2suffix=?, user_tooltips=?, user_menu=?
            WHERE
                user_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$language, $imagesize, $imagecount,
                       $mac, $dateformat, $dns1suffix,
                       $dns2suffix, $tooltips, $menu,
                       $id]);
        $_SESSION['suser_language'] = $language;
        $_SESSION['suser_imagesize'] = $imagesize;
        $_SESSION['suser_imagecount'] = $imagecount;
        $_SESSION['suser_mac'] = $mac;
        $_SESSION['suser_dateformat'] = $dateformat;
        $_SESSION['suser_dns1suffix'] = $dns1suffix;
        $_SESSION['suser_dns2suffix'] = $dns2suffix;
        $_SESSION['suser_menu_assets'] = $menu_assets;
        $_SESSION['suser_menu_assetclasses'] = $menu_assetclasses;
        $_SESSION['suser_menu_assetclassgroups'] = $menu_assetclassgroups;
        $_SESSION['suser_menu_cables'] = $menu_cables;
        $_SESSION['suser_menu_locations'] = $menu_locations;
        $_SESSION['suser_menu_nodes'] = $menu_nodes;
        $_SESSION['suser_menu_nats'] = $menu_nats;
        $_SESSION['suser_menu_subnets'] = $menu_subnets;
        $_SESSION['suser_menu_vlans'] = $menu_vlans;
        $_SESSION['suser_menu_zones'] = $menu_zones;
        $_SESSION['suser_tooltips'] = $tooltips;
        $action = ACT_DEFAULT;
        break;
    case 'exec-pass':
        $user_id = $_SESSION['suser_id'];
        $currentpass = sanitize($_POST['user_currentpass']);
        $newpass1 = sanitize($_POST['user_newpass1']);
        $newpass2 = sanitize($_POST['user_newpass2']);
        $sth = $dbh->prepare("SELECT user_pass FROM user WHERE user_id=?");
        $sth->execute([$user_id]);
        $userpass = $sth->fetchColumn();
        $action = ACT_PASSWORD;
        if (password_verify($currentpass, $userpass)) {
            if (strlen($newpass1) >= 5) {
                if (!strcmp($newpass1, $newpass2)) {
                    $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
                    $newhash = password_hash($newpass1, PASSWORD_BCRYPT);
                    $sth->execute([$newhash, $user_id]);
                    $action = ACT_DEFAULT;
                } else {
                    $g_error->Add('New passwords do not match!');
                }
            } else {
                $g_error->Add('New password is to simple!');
            }
        } else {
            $g_error->Add('Current password wrong!');
        }
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
 if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 $smarty->assign('realm', $_SESSION['suser_realm']);
 $smarty->assign('role_add', $_SESSION['suser_role_add']);
 $smarty->assign('role_edit', $_SESSION['suser_role_edit']);
 $smarty->assign('role_delete', $_SESSION['suser_role_delete']);
 $smarty->assign('role_manage', $_SESSION['suser_role_manage']);
 $smarty->assign('role_admin', $_SESSION['suser_role_admin']);
 $smarty->display("options.tpl");
-include("footer.php");
+elseif ($action == ACT_EDIT):
-?>
+// ========== VARIANT: edit display options ===================================
 $smarty->assign("language", lang_getfrombrowser($config_lang, $config_lang_default));
 // available languages
 $lang_options = array();
 foreach ($config_lang as $lang) {
    $lang_options[$lang] = $lang;
 }
 $smarty->assign("lang_options", $lang_options);
 if($_SESSION['suser_menu_assets']=='on') {
 	$user_menu_assets_checked = 'checked';
 } else {
 	$user_menu_assets_checked = '';
 }
 // assetclasses
 if($_SESSION['suser_menu_assetclasses']=='on') {
 	$user_menu_assetclasses_checked = 'checked';
 } else {
 	$user_menu_assetclasses_checked = '';
 }
 // assetclassgroups
 if($_SESSION['suser_menu_assetclassgroups']=='on') {
 	$user_menu_assetclassgroups_checked = 'checked';
 } else {
 	$user_menu_assetclassgroups_checked = '';
 }
 // cables
 if($_SESSION['suser_menu_cables']=='on') {
 	$user_menu_cables_checked = 'checked';
 } else {
 	$user_menu_cables_checked = '';
 }
 // locations
 if($_SESSION['suser_menu_locations']=='on') {
 	$user_menu_locations_checked = 'checked';
 } else {
 	$user_menu_locations_checked = '';
 }
 // nodes
 if($_SESSION['suser_menu_nodes']=='on') {
 	$user_menu_nodes_checked = 'checked';
 } else {
 	$user_menu_nodes_checked = '';
 }
 // nats
 if($_SESSION['suser_menu_nats']=='on') {
 	$user_menu_nats_checked = 'checked';
 } else {
 	$user_menu_nats_checked = '';
 }
 // subnets
 if($_SESSION['suser_menu_subnets']=='on') {
 	$user_menu_subnets_checked = 'checked';
 } else {
 	$user_menu_subnets_checked = '';
 }
 // vlans
 if($_SESSION['suser_menu_vlans']=='on') {
 	$user_menu_vlans_checked = 'checked';
 } else {
 	$user_menu_vlans_checked = '';
 }
 // zones
 if($_SESSION['suser_menu_zones']=='on') {
 	$user_menu_zones_checked = 'checked';
 } else {
 	$user_menu_zones_checked = '';
 }
 // tooltips
 if($_SESSION['suser_tooltips']=='on') {
 	$user_tooltips_checked = 'checked';
 } else {
 	$user_tooltips_checked = '';
 }
 $smarty->assign("user_id", $_SESSION['suser_id']);
 $smarty->assign("user_imagesize", $_SESSION['suser_imagesize']);
 $smarty->assign("user_imagecount", $_SESSION['suser_imagecount']);
 $smarty->assign("user_mac", $_SESSION['suser_mac']);
 $smarty->assign("user_dateformat", $_SESSION['suser_dateformat']);
 $smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
 $smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
 $smarty->assign("user_language", $_SESSION['suser_language']);
 $smarty->assign("user_menu_assets_checked", $user_menu_assets_checked);
 $smarty->assign("user_menu_assetclasses_checked", $user_menu_assetclasses_checked);
 $smarty->assign("user_menu_assetclassgroups_checked", $user_menu_assetclassgroups_checked);
 $smarty->assign("user_menu_cables_checked", $user_menu_cables_checked);
 $smarty->assign("user_menu_locations_checked", $user_menu_locations_checked);
 $smarty->assign("user_menu_nodes_checked", $user_menu_nodes_checked);
 $smarty->assign("user_menu_nats_checked", $user_menu_nats_checked);
 $smarty->assign("user_menu_subnets_checked", $user_menu_subnets_checked);
 $smarty->assign("user_menu_vlans_checked", $user_menu_vlans_checked);
 $smarty->assign("user_menu_zones_checked", $user_menu_zones_checked);
 $smarty->assign("user_tooltips_checked", $user_tooltips_checked);
 $smarty->display("optionseditdisplay.tpl");
 elseif ($action == ACT_PASSWORD):
 // ========== VARIANT: password ===============================================
 $smarty->display("optionseditpassword.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/optionseditdisplay.php
+++ b/optionseditdisplay.php
@ -1,99 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 include("header.php");
 $smarty->assign("language", $language);
 if($_SESSION['suser_menu_assets']=='on') {
 	$user_menu_assets_checked = 'checked';
 } else {
 	$user_menu_assets_checked = '';
 }
 // assetclasses
 if($_SESSION['suser_menu_assetclasses']=='on') {
 	$user_menu_assetclasses_checked = 'checked';
 } else {
 	$user_menu_assetclasses_checked = '';
 }
 // assetclassgroups
 if($_SESSION['suser_menu_assetclassgroups']=='on') {
 	$user_menu_assetclassgroups_checked = 'checked';
 } else {
 	$user_menu_assetclassgroups_checked = '';
 }
 // locations
 if($_SESSION['suser_menu_locations']=='on') {
 	$user_menu_locations_checked = 'checked';
 } else {
 	$user_menu_locations_checked = '';
 }
 // nodes
 if($_SESSION['suser_menu_nodes']=='on') {
 	$user_menu_nodes_checked = 'checked';
 } else {
 	$user_menu_nodes_checked = '';
 }
 // subnets
 if($_SESSION['suser_menu_subnets']=='on') {
 	$user_menu_subnets_checked = 'checked';
 } else {
 	$user_menu_subnets_checked = '';
 }
 // users
 if($_SESSION['suser_menu_users']=='on') {
 	$user_menu_users_checked = 'checked';
 } else {
 	$user_menu_users_checked = '';
 }
 // vlans
 if($_SESSION['suser_menu_vlans']=='on') {
 	$user_menu_vlans_checked = 'checked';
 } else {
 	$user_menu_vlans_checked = '';
 }
 // zones
 if($_SESSION['suser_menu_zones']=='on') {
 	$user_menu_zones_checked = 'checked';
 } else {
 	$user_menu_zones_checked = '';
 }
 // tooltips
 if($_SESSION['suser_tooltips']=='on') {
 	$user_tooltips_checked = 'checked';
 } else {
 	$user_tooltips_checked = '';
 }
 $smarty->assign("user_id", $_SESSION['suser_id']);
 $smarty->assign("user_imagesize", $_SESSION['suser_imagesize']);
 $smarty->assign("user_imagecount", $_SESSION['suser_imagecount']);
 $smarty->assign("user_mac", $_SESSION['suser_mac']);
 $smarty->assign("user_dateformat", $_SESSION['suser_dateformat']);
 $smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
 $smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
 $smarty->assign("user_language", $_SESSION['suser_language']);
 $smarty->assign("user_menu_assets_checked", $user_menu_assets_checked);
 $smarty->assign("user_menu_assetclasses_checked", $user_menu_assetclasses_checked);
 $smarty->assign("user_menu_assetclassgroups_checked", $user_menu_assetclassgroups_checked);
 $smarty->assign("user_menu_locations_checked", $user_menu_locations_checked);
 $smarty->assign("user_menu_nodes_checked", $user_menu_nodes_checked);
 $smarty->assign("user_menu_subnets_checked", $user_menu_subnets_checked);
 $smarty->assign("user_menu_users_checked", $user_menu_users_checked);
 $smarty->assign("user_menu_vlans_checked", $user_menu_vlans_checked);
 $smarty->assign("user_menu_zones_checked", $user_menu_zones_checked);
 $smarty->assign("user_tooltips_checked", $user_tooltips_checked);
 $smarty->display("optionseditdisplay.tpl");
 include("footer.php");
 ?>
--- a/optionseditpassword.php
+++ b/optionseditpassword.php
@ -1,16 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 include("header.php");
 $smarty->display("optionseditpassword.tpl");
 include("footer.php");
 ?>
--- a/search.php
+++ b/search.php
@ -15,131 +15,103 @@ include("header.php");
 if (empty($search)) {
    // parse nosearch box
    $smarty->assign("nosearch", TRUE);
-} else {
+    $smarty->display("search.tpl");
-    // hide nosearch box
+    $smarty->display("footer.tpl");
-    $smarty->assign("nosearch", FALSE);
+    exit;
    $smarty->assign("search", $search);
    // set needle
    $needle = '%' . $search . '%';
    // set counter
    $resultcounter = 0;
    // asset
    $query = "SELECT
            asset_id AS id,
            asset_name AS name,
            asset_info AS description
        FROM
            asset
        WHERE
            asset_name LIKE '" . $needle . "'
            OR asset_hostname LIKE '" . $needle . "'
            OR asset_info LIKE '" . $needle . "'
        ORDER BY
            asset_name";
    $assets = $db->db_select($query);
    $resultcounter += count($assets);
    $smarty->assign("assets", $assets);
    // location
    $query = "SELECT
            location_id AS id,
            location_name AS name
        FROM
            location
        WHERE
            location_name LIKE '" . $needle . "'
            OR location_info LIKE '" . $needle . "'
        ORDER BY
            location_name";
    $locations = $db->db_select($query);
    $resultcounter += count($locations);
    $smarty->assign("locations", $locations);
    // node
    $query = "SELECT
            node_id AS id,
            node_ip AS ip
        FROM
            node
        WHERE
            node_ip LIKE '" . $needle . "'
            OR node_mac LIKE '" . $needle . "'
            OR node_dns1 LIKE '" . $needle . "'
            OR node_dns2 LIKE '" . $needle . "'
            OR node_info LIKE '" . $needle . "'
        ORDER BY
            node_ip";
    $nodes = $db->db_select($query);
    $resultcounter += count($nodes);
    $smarty->assign("nodes", $nodes);
    // subnet
    $query = "SELECT
            subnet_id AS id,
            subnet_address AS address
        FROM
            subnet
        WHERE
            subnet_address LIKE '" . $needle . "'
            OR subnet_info LIKE '" . $needle . "'
        ORDER BY
            subnet_address";
    // run query
    $subnets = $db->db_select($query);
    $resultcounter += count($subnets);
    $smarty->assign("subnets", $subnets);
    // vlan
    $query = "SELECT
            vlan_id AS id,
            vlan_name AS name
        FROM
            vlan
        WHERE
            vlan_name LIKE '" . $needle . "'
            OR vlan_info LIKE '" . $needle . "'
        ORDER BY
            vlan_name";
    $vlans = $db->db_select($query);
    $resultcounter += count($vlans);
    $smarty->assign("vlans", $vlans);
    // setup zone
    $query = "SELECT
            zone_id AS id,
            zone_origin AS origin
        FROM
            zone
        WHERE
            zone_origin LIKE '" . $needle . "'
            OR zone_soa LIKE '" . $needle . "'
            OR zone_hostmaster LIKE '" . $needle . "'
            OR zone_ns1 LIKE '" . $needle . "'
            OR zone_ns2 LIKE '" . $needle . "'
            OR zone_ns3 LIKE '" . $needle . "'
            OR zone_mx1 LIKE '" . $needle . "'
            OR zone_mx2 LIKE '" . $needle . "'
            OR zone_info LIKE '" . $needle . "'
        ORDER BY
            zone_origin";
    $zones = $db->db_select($query);
    $resultcounter += count($zones);
    $smarty->assign("zones", $zones);
    // grand totals
    $smarty->assign("resultcounter", $resultcounter);
 }
 // hide nosearch box
 $smarty->assign("nosearch", FALSE);
 $smarty->assign("search", $search);
 $needle = '%' . $search . '%';
 $resultcounter = 0;
 // asset
 $sql = "SELECT a.asset_id AS id, a.asset_name AS name, 
            CONCAT(LEFT(asset_info, 50), IF(CHAR_LENGTH(asset_info)>50,'...','')) AS description,
            c.assetclass_name AS assetclass
        FROM asset AS a LEFT JOIN assetclass AS c USING (assetclass_id)
        WHERE a.asset_name LIKE :needle OR a.asset_hostname LIKE :needle
 		   OR a.asset_info LIKE :needle
        ORDER BY a.asset_name";
 $sth = $dbh->prepare($sql);
 $sth->execute(['needle' => $needle]);
 $assets = $sth->fetchAll();
 $resultcounter += count($assets);
 $smarty->assign("assets", $assets);
 // location
 $sql = "SELECT location_id AS id, location_name AS name
        FROM location
        WHERE location_name LIKE :needle OR location_info LIKE :needle
        ORDER BY location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute(['needle' => $needle]);
 $locations = $sth->fetchAll();
 $resultcounter += count($locations);
 $smarty->assign("locations", $locations);
 // node
 $sql = "SELECT node_id AS id, node_ip AS ip,
            CONCAT(LEFT(node_info, 30), IF(CHAR_LENGTH(node_info)>30,'...','')) AS info
        FROM node
 	    WHERE node_ip LIKE :needle OR node_mac LIKE :needle
           OR node_dns1 LIKE :needle OR node_dns2 LIKE :needle
           OR node_info LIKE :needle
        ORDER BY node_ip";
 $sth = $dbh->prepare($sql);
 $sth->execute(['needle' => $needle]);
 $nodes = $sth->fetchAll();
 $resultcounter += count($nodes);
 $smarty->assign("nodes", $nodes);
 // subnet
 $sql = "SELECT subnet_id AS id, subnet_address AS address
        FROM subnet
        WHERE subnet_address LIKE :needle OR subnet_info LIKE :needle
        ORDER BY subnet_address";
 $sth = $dbh->prepare($sql);
 $sth->execute(['needle' => $needle]);
 $subnets = $sth->fetchAll();
 $resultcounter += count($subnets);
 $smarty->assign("subnets", $subnets);
 // vlan
 $sql = "SELECT vlan_id AS id, vlan_name AS name
        FROM vlan
        WHERE vlan_name LIKE :needle OR vlan_info LIKE :needle
        ORDER BY vlan_name";
 $sth = $dbh->prepare($sql);
 $sth->execute(['needle' => $needle]);
 $vlans = $sth->fetchAll();
 $resultcounter += count($vlans);
 $smarty->assign("vlans", $vlans);
 // setup zone
 $sql = "SELECT zone_id AS id, zone_origin AS origin
        FROM zone
        WHERE zone_origin LIKE :needle OR zone_soa LIKE :needle
           OR zone_hostmaster LIKE :needle OR zone_ns1 LIKE :needle
           OR zone_ns2 LIKE :needle OR zone_ns3 LIKE :needle
           OR zone_mx1 LIKE :needle OR zone_mx2 LIKE :needle
           OR zone_info LIKE :needle
        ORDER BY zone_origin";
 $sth = $dbh->prepare($sql);
 $sth->execute(['needle' => $needle]);
 $zones = $sth->fetchAll();
 $resultcounter += count($zones);
 $smarty->assign("zones", $zones);
 // grand totals
 $smarty->assign("resultcounter", $resultcounter);
 $smarty->display("search.tpl");
-include("footer.php");
+$smarty->display("footer.tpl");
 ?>
--- a/submit.php
+++ b/submit.php
--- a/subnet.php
+++ b/subnet.php
@ -8,27 +8,741 @@ SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ADDITIONAL ACTION DEFINITIONS ===================================
 define ('ACT_LOCATION_EDIT', 100);
 define ('ACT_LOCATION_ADD', 101);
 define ('ACT_LOCATION_DEL', 102);
 define ('ACT_VLAN_EDIT', 103);
 define ('ACT_VLAN_ADD', 104);
 define ('ACT_VLAN_DEL', 105);
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'link':  $action = ACT_LINK; break;
    // Location
    case 'ledit': $action = ACT_LOCATION_EDIT; break;
    case 'ladd':  $action = ACT_LOCATION_ADD; break;
    case 'ldel':  $action = ACT_LOCATION_DEL; break;
    // VLAN
    case 'vedit': $action = ACT_VLAN_EDIT; break;
    case 'vadd':  $action = ACT_VLAN_ADD; break;
    case 'vdel':  $action = ACT_VLAN_DEL; break;
    case 'exec-ledit':
        if ($_POST['action'] == 'subnetlocationadd') {
            $action = ACT_LOCATION_ADD;
        } elseif ($_POST['action'] == 'subnetlocationdel') {
            $action = ACT_LOCATION_DEL;
        } else {
            $g_warning->Add('Invalid action: '. $_POST['action']);
        }
        break;
    case 'exec-ladd':
        $location_id = sanitize($_POST['location_id']);
        $sql = "INSERT INTO subnetlocation (location_id, subnet_id) VALUES (?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$location_id, $id]);
        $action = ACT_VIEW;
        break;
    case 'exec-ldel':
        $location_id = sanitize($_POST['location_id']);
        $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
        $sth->execute([$location_id, $id]);
        $g_message->Add('Removed link to location');
        $action = ACT_VIEW;
        break;
    case 'exec-vedit':
        if ($_POST['action'] == 'subnetvlanadd') {
            $action = ACT_VLAN_ADD;
        } elseif ($_POST['action'] == 'subnetvlandel') {
            $action = ACT_VLAN_DEL;
        } else {
            $g_warning->Add('Invalid action: '. $_POST['action']);
        }
        break;
    case 'exec-vadd':
        $vlan_id = sanitize($_POST['vlan_id']);
        $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id) VALUES (?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$id, $vlan_id]);
        $action = ACT_VIEW;
        break;
    case 'exec-vdel':
        $vlan_id = sanitize($_POST['vlan_id']);
        $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
        $sth->execute([$id, $vlan_id]);
        $g_message->Add('Removed link to vlan');
        $action = ACT_VIEW;
        break;        
    case 'insert':
        $address= sanitize($_POST['subnet_address']);
        $mask = sanitize($_POST['subnet_mask']);
        $info = sanitize($_POST['subnet_info']);
        $dhcp_start = sanitize($_POST['dhcp_start']);
        $dhcp_end = sanitize($_POST['dhcp_end']);
        $ntp_server = sanitize($_POST['ntp_server']);
        $sql = "INSERT INTO subnet (
                    subnet_address, subnet_mask, subnet_info,
                    subnet_dhcp_start, subnet_dhcp_end, ntp_server
                ) VALUES (
                    :address, :mask, :info,
                    :dhcp_start, :dhcp_end, :ntp_server
                )";
        $sth = $dbh->prepare($sql);
        $sth->bindValue(':address', $address, PDO::PARAM_STR);
        $sth->bindValue(':mask', $mask, PDO::PARAM_INT);
        $sth->bindValue(':dhcp_start', $dhcp_start, PDO::PARAM_STR);
        $sth->bindValue(':dhcp_end', $dhcp_end, PDO::PARAM_STR);
        $sth->bindValue(':ntp_server', $ntp_server, PDO::PARAM_STR);
        $sth->bindValue(':info', $info, PDO::PARAM_STR);
        $sth->execute();
        $id = $dbh->lastInsertId();
        // vlan if selected
        $vlan_id = intval(sanitize($_POST['vlan_id']));
        if ($vlan_id > 0) {
            $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id) VALUES (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$id, $vlan_id]);
        }
        $action = ACT_VIEW;
        break;
    case 'update':
        $address= sanitize($_POST['subnet_address']);
        $proto_vers = sanitize($_POST['subnet_proto_vers']);
        $mask = sanitize($_POST['subnet_mask']);
        $dhcp_start = sanitize($_POST['dhcp_start']);
        $dhcp_end = sanitize($_POST['dhcp_end']);
        $ntp_server = sanitize($_POST['ntp_server']);
        $info = sanitize($_POST['subnet_info']);
        $sql = "UPDATE subnet SET
                    subnet_address=?, subnet_mask=?, subnet_dhcp_start=?,
                    subnet_dhcp_end=?, subnet_info=?, protocol_version=?,
                    ntp_server=?
                WHERE subnet_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$address, $mask, $dhcp_start,
                       $dhcp_end, $info, $proto_vers,
                       $ntp_server, $id]);
        $action = ACT_VIEW;
        break;
    case 'delete':
        // TODO delete NAT 
        $sth = $dbh->prepare("DELETE FROM node WHERE subnet_id=?");
        $sth->execute([$id]);
        $count = $sth->rowCount();
        $g_message->Add("Deleted $count nodes");
        $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE subnet_id=?");
        $sth->execute([$id]);
        $count = $sth->rowCount();
        $g_message->Add("Deleted $count location links");
        $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=?");
        $sth->execute([$id]);
        $count = $sth->rowCount();
        $g_message->Add("Deleted $count vlan links");
        $sth = $dbh->prepare("DELETE FROM subnet WHERE subnet_id=?");
        $sth->execute([$id]);
        $g_message->Add("Deleted subnet");
        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 $smarty->assign("action", $action);
 // ========== ACTIONS END =====================================================
 $smarty->assign("scripts",'changetext.js');
 include("header.php");
-$query = "SELECT
+if ($action == ACT_DEFAULT):
-        s.subnet_id,
+// ========== VARIANT: default behavior =======================================
        s.subnet_address,
        s.subnet_mask,
        s.ntp_server,
        LEFT(s.subnet_info, 40) AS subnet_info,
        CHAR_LENGTH(s.subnet_info) AS subnet_length,
        COUNT(node.subnet_id) AS node_counter
    FROM
        subnet AS s LEFT JOIN node USING (subnet_id)
    GROUP BY
        s.subnet_id
    ORDER BY
        INET_ATON(s.subnet_address)";
-$subnets = $db->db_select($query);
+$sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask,
            s.ntp_server, 
            CONCAT(LEFT(s.subnet_info, 50), IF(CHAR_LENGTH(s.subnet_info)>50,'...','')) AS subnet_info,
            COUNT(node.subnet_id) AS node_counter
        FROM subnet AS s LEFT JOIN node USING (subnet_id)
        GROUP BY s.subnet_id
        ORDER BY INET_ATON(s.subnet_address)";
 $sth = $dbh->query($sql);
 $smarty->assign("subnets", $sth->fetchAll());
 $smarty->assign("subnets", $subnets);
 $smarty->display("subnet.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 if((isset($_GET['vlan_id'])) ? $vlan_id = sanitize($_GET['vlan_id']) : $vlan_id = "");
 $smarty->assign("vlan_id", $vlan_id);
 $smarty->assign("vlan_options", db_get_options_vlan($lang['lang_option_none']));
 $smarty->display("subnetedit.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 if(isset($_GET['page'])) {
    $page = sanitize($_GET['page']);
 }
 // subnet
 $sql = "SELECT s.subnet_id AS id, s.subnet_address AS address, s.subnet_mask AS mask,
            s.subnet_dhcp_start AS dhcp_start, s.subnet_dhcp_end AS dhcp_end,
            s.subnet_info AS info, s.protocol_version AS proto_vers,
            s.ntp_server,
            COUNT(n.subnet_id) AS node_counter
        FROM subnet AS s LEFT JOIN node AS n USING (subnet_id)
        WHERE s.subnet_id=? 
          AND ((n.node_flags IS NULL) OR (n.node_flags & 0x1 = 0))
        GROUP BY s.subnet_id";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $subnet = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("subnet", $subnet);
 // set counters
 $host_counter = pow(2, (32-$subnet->mask));
 $node_counter = $subnet->node_counter;
 $subnet_usedpercentage = round((($node_counter/($host_counter-2))*100), 1);
 $smarty->assign("node_counter", $node_counter);
 $smarty->assign("subnet_usedpercentage", $subnet_usedpercentage);
 $smarty->assign("config_color_unused", $config_color_unused);
 $smarty->assign("host_counter", $host_counter-2);
 $smarty->assign("free_counter", (($host_counter-2)-$node_counter));
 // subnet
 // split up the range
 $iprange = explode('.', $subnet->address);
 $iprange1 = $iprange[0];
 $iprange2 = $iprange[1];
 $iprange3 = $iprange[2];
 $iprange4 = $iprange[3];
 // create empty subnet-array
 $subnetdata = array();
 // determine range (Class A/B/C)
 if ($subnet->mask >= 24) {
    // Class C
    // fill subnet-array with addresses we want to see
    for($i=0; $i<$host_counter; $i++) {
        // build ip
        $ip = $iprange1 . '.' . $iprange2 . '.' . $iprange3 . '.' . ($iprange4+$i);
        // fill subnet-array
        $subnetdata[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . $iprange2 . '.' . $iprange3 .  '.' . ($iprange4+$i-1);
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    $smarty->assign("iprange3", $iprange3);
    $smarty->assign("iprange4", $iprange4);
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 255);
    $smarty->assign("subnetmask3", 255);
    $smarty->assign("subnetmask4", 256-$host_counter);
    // no pagination needed
    $smarty->assign("noselect", TRUE);
    $smarty->assign("one_select", FALSE);
    $smarty->assign("two_select", FALSE);
    // set displayed nodes
    $nodes_displayed = $host_counter;
 } else if ($subnet->mask >= 16) {
    // Class B
    // which part do we want to see?
    if ((empty($page)) ? $page = $subnet->address : $page = $page);
    $page = explode('.', $page);
    $page2 = $page[2];
    // fill subnet-array with addresses we want to see
    for($i=0; $i<256; $i++) {
        // build ip
        $ip = $iprange1 . '.' . $iprange2 . '.' . $page2 .  '.' . $i;
        // fill subnet-array
        $subnetdata[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . $iprange2 . '.' . ($iprange3+$i-1) .  '.255';
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    // loop addresses in range3
    for ($i=$iprange3; $i<(pow(2,(32-$subnet->mask))/256); $i++) {
        // send to tpl
        $smarty->assign("iprange3", $i);
        $smarty->assign("iprange4", 0);
        // set select box
        if ($i == $page2) {
            $smarty->assign("row_selected", "selected");
        } else {
            $smarty->assign("row_selected", "");
        }
    }
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 255);
    $smarty->assign("subnetmask3", 256-($host_counter/256));
    $smarty->assign("subnetmask4", 0);
    // one select box
    $smarty->assign("noselect", FALSE);
    $smarty->assign("one_select", TRUE);
    $smarty->assign("two_select", FALSE);
    // set displayed nodes
    $nodes_displayed = 256;
 } else {
    // Class A
    // which part do we want to see?
    if ((empty($page)) ? $page = $subnet->address : $page = $page);
    $page = explode('.', $page);
    $page2 = $page[1];
    $page3 = $page[2];
    // fill subnet-array with addresses we want to see
    for($i=0; $i<256; $i++) {
        // build ip
        $ip = $iprange1 . '.' . $page2 . '.' . $page3 .  '.' . $i;
        // fill subnet-array
        $subnetdata[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . ($iprange2+$i-1) . '.255.255';
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    // loop addresses in range 2
    for ($i=$iprange2; $i<(pow(2,(24-$subnet->mask))/256); $i++) {
        // send to tpl
        $smarty->assign("iprange1", $iprange1);
        $smarty->assign("iprange2", $i);
        $smarty->assign("iprange3", $page3);
        $smarty->assign("iprange4", $iprange4);
        // set select box
        if($i == $page2) {
            $smarty->assign("row1_selected", "selected");
        } else {
            $smarty->assign("row1_selected", "");
        }
    }
    // loop addresses in range 3
    for ($i=0; $i<256; $i++) {
        // send to tpl
        $smarty->assign("iprange1", $iprange1);
        $smarty->assign("iprange2", $page2);
        $smarty->assign("iprange3", $i);
        $smarty->assign("iprange4", $iprange4);
        // set select box
        if($i==$page3) {
            $smarty->assign("row2_selected", "selected");
        } else {
            $smarty->assign("row2_selected", "");
        }
    }
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 256-($host_counter/65536));
    $smarty->assign("subnetmask3", 0);
    $smarty->assign("subnetmask4", 0);
    // one select box
    $smarty->assign("noselect", FALSE);
    $smarty->assign("one_select", FALSE);
    $smarty->assign("two_select", TRUE);
    // set displayed nodes
    $nodes_displayed = 256;
 }
 // get nodes for this subnetview and implement the values into the array
 // TODO this is very bad SQL
 /*$sql = "SELECT a.asset_name, g.assetclassgroup_color, n.node_id, n.node_ip
        FROM
            asset AS a,
            assetclass AS c,
            assetclassgroup AS g,
            node AS n
    WHERE
        n.node_ip IN ('".implode("','",array_keys($subnetdata))."')
        AND n.subnet_id=?
        AND a.asset_id=n.asset_id
        AND c.assetclass_id=a.assetclass_id
        AND g.assetclassgroup_id=c.assetclassgroup_id"; */
 $sql = "SELECT
            a.asset_name, g.assetclassgroup_color, n.node_id, n.node_ip
        FROM node AS n
            LEFT JOIN asset AS a USING (asset_id)
            LEFT JOIN assetclass AS c USING (assetclass_id)
            LEFT JOIN assetclassgroup AS g USING (assetclassgroup_id)
        WHERE n.subnet_id=:subnet_id
          AND ((n.node_flags IS NULL) OR (n.node_flags & 0x1 = 0))
          AND INET_ATON(n.node_ip) BETWEEN :ipfrom AND :ipto";
 // Debug $smarty->assign("sql",array_key_first($subnetdata) .  " - " . array_key_last($subnetdata) );
 $sth = $dbh->prepare($sql);
 $sth->bindValue(':ipfrom', ip2long(array_key_first($subnetdata)), PDO::PARAM_INT);
 $sth->bindValue(':ipto', ip2long(array_key_last($subnetdata)), PDO::PARAM_INT);
 $sth->bindValue(':subnet_id', $id, PDO::PARAM_INT);
 $sth->execute();
 $nodes = $sth->fetchAll();
 $smarty->assign("nodes", $nodes);
 if (count($nodes) > 0) {
    foreach ($nodes AS $node) {
        $subnetdata[$node['node_ip']] = $node;
    }
 }
 // replace ip's in subnet-array (if necessary)
 // check for subnet address
 if (array_key_exists($subnet->address, $subnetdata)) {
    // replace
    $subnetdata[$subnet->address] = array("subnet_address");
 }
 // check for broadcast address
 if (array_key_exists($broadcast_address, $subnetdata)) {
    // replace
    $subnetdata[$broadcast_address] = array("broadcast_address");
 }
 $dhcpstart = 0;
 if ($subnet->dhcp_start && $subnet->dhcp_end) {
    $dhcpstart = ip2long($subnet->dhcp_start);
    $dhcpend = ip2long($subnet->dhcp_end);
 }
        // loop subnet-array and send to template
            // start counter
 //            $i=1;
            // loop subnet-array
 foreach ($subnetdata AS $node_ip => $node) {
 // make new line?
 //   if(($i%$_SESSION['suser_imagecount']==0 && $i!=$nodes_displayed) ? $tr="</tr><tr>" : $tr="");
    // check if node-ip in DHCP-area
    $subnetdata[$node_ip]["dynamic"] = false;
    if ($dhcpstart > 0) {
        $ipval = ip2long($node_ip);
        if (($ipval >= $dhcpstart) and ($ipval <= $dhcpend)) {
            $subnetdata[$node_ip]["dynamic"] = true;
        }
    }
    // check node
    if (empty($node)) {
        // empty node to tpl
        $subnetdata[$node_ip]["url"] = 'subnet.php?f=link&id=' . $id . '&amp;node_ip='. $node_ip;
        $subnetdata[$node_ip]["remotetext"] = $node_ip;
        if ($subnetdata[$node_ip]["dynamic"]) {
            $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_dynamic;
        } else {
            $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_unused;
        }
    } else if (array_key_exists(0, $node) && $node[0]=="subnet_address") {
       // subnet address to tpl
        $subnetdata[$node_ip]["url"] = "";
        $subnetdata[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $lang['lang_subnet_subnetaddress'];
        $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
    } else if (array_key_exists(0, $node) && $node[0]=="broadcast_address") {
        // broadcast address to tpl
        $subnetdata[$node_ip]["url"] = "";
        $subnetdata[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $lang['lang_subnet_broadcastaddress'];
        $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
    } else {
        // node to tpl
        $subnetdata[$node_ip]["url"] = 'node.php?f=view&id=' . $node['node_id'];
        $subnetdata[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $node['asset_name'];
        $subnetdata[$node_ip]["assetclassgroup_color"] = $node['assetclassgroup_color'];
    }
    // update counter
    //   $i++;
 } // foreach
 $smarty->assign("subnetdata", $subnetdata);
 $smarty->assign("imagewrap", $_SESSION['suser_imagecount']);
 // vlans
 $sql = "SELECT v.vlan_id AS id, v.vlan_name AS name,
              v.vlan_number AS number
        FROM subnetvlan AS s JOIN vlan AS v USING (vlan_id)
        WHERE s.subnet_id=?
        ORDER BY v.vlan_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("vlans", $sth->fetchAll());
 // locations
 $sql = "SELECT l.location_id, l.location_name
        FROM location AS l LEFT JOIN subnetlocation AS s USING (location_id)
        WHERE s.subnet_id=?
        ORDER BY l.location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("locations", $sth->fetchAll());
 // assetclasses with color from assetclassgroup
 $sql = "SELECT assetclass_id AS id, assetclass_name AS name,
            assetclassgroup_color AS color, COUNT(node_id) AS counter
        FROM node LEFT JOIN asset USING (asset_id) 
                  LEFT JOIN assetclass USING (assetclass_id)
                  LEFT JOIN assetclassgroup USING (assetclassgroup_id)
        WHERE subnet_id=?
          AND ((node.node_flags IS NULL) OR (node.node_flags & 0x1 = 0))
        GROUP BY assetclass_id
        ORDER BY assetclass_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclasses", $sth->fetchAll());
 $smarty->display("subnetview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask,
            protocol_version AS proto_vers, subnet_dhcp_start AS dhcp_start,
            subnet_dhcp_end AS dhcp_end, ntp_server, subnet_info AS info
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("subnetedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 // subnet
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // node		
 $sql = "SELECT node_id AS id, node_ip AS ip
        FROM node
        WHERE subnet_id=?
        ORDER BY INET_ATON(node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("nodes", $sth->fetchAll());
 $smarty->display("subnetdel.tpl");
 elseif ($action == ACT_LINK):
 // ========== VARIANT: link IP to node ========================================
 // assigniptonode
 $node_ip = sanitize($_GET['node_ip']);
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask 
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("node_ip", $node_ip);
 $smarty->display("assigniptonode.tpl");
 elseif ($action == ACT_LOCATION_EDIT):
 // ========== VARIANT: subnet to location =====================================
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("subnetlocationedit.tpl");
 elseif ($action == ACT_LOCATION_ADD):
 // ========== VARIANT: subnet to location =====================================
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("location_options", db_get_options_location());
 $smarty->display("subnetlocationadd.tpl");
 elseif ($action == ACT_LOCATION_DEL):
 // ========== VARIANT: subnet to location =====================================
 // subnet
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // locations for subnet
 $sql = "SELECT l.location_id, l.location_name
        FROM subnetlocation AS s LEFT JOIN location AS l USING (location_id)
        WHERE s.subnet_id=?
        ORDER BY l.location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $records = $sth->fetchAll();
 $locations = array();
 foreach ($records as $rec) {
    $locations[$rec['location_id']] = $rec['location_name'];
 }
 $smarty->assign("location_options", $locations);
 $smarty->display("subnetlocationdel.tpl");
 elseif ($action == ACT_VLAN_EDIT):
 // ========== VARIANT: subnet to vlan =========================================
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("subnetvlanedit.tpl");
 elseif ($action == ACT_VLAN_ADD):
 // ========== VARIANT: subnet to vlan =========================================
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // vlan
 $sql = "SELECT vlan_id, vlan_number, vlan_name
        FROM vlan
        WHERE vlan_id NOT IN (
 	    SELECT vlan_id FROM subnetvlan WHERE subnet_id=?
 	)
        ORDER BY vlan_number";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $vlans = $sth->fetchAll();
 foreach ($vlans as $vlan) {
    $vlan_options[$vlan['vlan_id']] =  $vlan['vlan_name'] . ' (' . $vlan['vlan_number']. ')';
 }
 $smarty->assign("vlan_options", $vlan_options);
 $smarty->display("subnetvlanadd.tpl");
 elseif ($action == ACT_VLAN_DEL):
 // ========== VARIANT: subnet to vlan =========================================
 // subnet
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // vlan
 $sql = "SELECT v.vlan_id, v.vlan_number, v.vlan_name
        FROM subnetvlan AS s LEFT JOIN vlan AS v USING (vlan_id)
        WHERE s.subnet_id=?
        ORDER BY v.vlan_number";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $vlans = $sth->fetchAll();
 foreach ($vlans as $vlan) {
    $vlan_options[$vlan['vlan_id']] =  $vlan['vlan_name'] . ' (' . $vlan['vlan_number']. ')';
 }
 $smarty->assign("vlan_options", $vlan_options);
 $smarty->display("subnetvlandel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/subnetadd.php
+++ b/subnetadd.php
@ -1,35 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if((isset($_GET['vlan_id'])) ? $vlan_id = sanitize($_GET['vlan_id']) : $vlan_id = "");
 include("header.php");
 $query = "SELECT
 		vlan_id,
 		vlan_number,
 		vlan_name
 	FROM
 		vlan
 	ORDER BY
 		vlan_name";
 $vlans = $db->db_select($query);
 $vlan_options[0] = $lang['lang_option_none'];
 foreach ($vlans as $vlan) {
    $vlan_options[$vlan['vlan_id']] =  $vlan['vlan_name'];
 }
 $smarty->assign("vlan_options", $vlan_options);
 $smarty->display("subnetadd.tpl");
 include("footer.php");
 ?>
--- a/subnetdel.php
+++ b/subnetdel.php
@ -1,48 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 // subnet
 $query = "SELECT
 		subnet_address,
 		subnet_mask
 	FROM
 		subnet
 	WHERE
 		subnet_id=" . $subnet_id;
 $subnet = $db->db_select($query);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_address", $subnet[0]['subnet_address']);
 $smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
 // node		
 $query = "SELECT
 		node_id,
 		node_ip
 	FROM
 		node
 	WHERE
 		subnet_id=" . $subnet_id . "
 	ORDER BY
 		INET_ATON(node_ip)";
 $nodes = $db->db_select($query);
 $smarty->assign("nodes", $nodes);
 $smarty->display("subnetdel.tpl");
 include("footer.php");
 ?>
--- a/subnetedit.php
+++ b/subnetedit.php
@ -1,43 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $query = "SELECT
        subnet_address,
        subnet_mask,
        protocol_version,
        subnet_dhcp_start,
        subnet_dhcp_end,
        ntp_server,
        subnet_info AS subnet_info
    FROM
        subnet
    WHERE
        subnet_id=" . $subnet_id;
 $subnet = $db->db_select($query);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_address", $subnet[0]['subnet_address']);
 $smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
 $smarty->assign("subnet_proto_vers", $subnet[0]['protocol_version']);
 $smarty->assign("subnet_dhcpstart", $subnet[0]['subnet_dhcp_start']);
 $smarty->assign("subnet_dhcpend", $subnet[0]['subnet_dhcp_end']);
 $smarty->assign("subnet_ntp_server", $subnet[0]['ntp_server']);
 $smarty->assign("subnet_info", $subnet[0]['subnet_info']);
 $smarty->display("subnetedit.tpl");
 include("footer.php");
 ?>
--- a/subnetlocationadd.php
+++ b/subnetlocationadd.php
@ -1,34 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $query = "SELECT
 		subnet_address,
 		subnet_mask
 	FROM
 		subnet
 	WHERE
 		subnet_id=" . $subnet_id;
 $subnet = $db->db_select($query);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_address", $subnet[0]['subnet_address']);
 $smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
 $smarty->assign("location_options", $db->options_location());
 $smarty->display("subnetlocationadd.tpl");
 include("footer.php");
 ?>
--- a/subnetlocationdel.php
+++ b/subnetlocationdel.php
@ -1,54 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 // subnet
 $query = "SELECT
        subnet_address,
        subnet_mask
    FROM
        subnet
    WHERE
        subnet_id=" . $subnet_id;
 // run query
 $subnet = $db->db_select($query);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_address", $subnet[0]['subnet_address']);
 $smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
 // location
 $query = "SELECT
        l.location_id,
        l.location_name
    FROM
        subnetlocation AS s LEFT JOIN location USING (location_id)
    WHERE
        s.subnet_id="  . $subnet_id . "
    ORDER BY
        l.location_name";
 // run query
 $records = $db->db_select($query);
 $locations = array();
 foreach ($records as $rec) {
    $locations[$rec['location_id']] = $rec['location_name'];
 }
 $smarty->assign("location_options", $locations);
 $smarty->display("subnetlocationdel.tpl");
 include("footer.php");
 ?>
--- a/subnetlocationedit.php
+++ b/subnetlocationedit.php
@ -1,34 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $query = "SELECT
 		subnet_address,
 		subnet_mask
 	FROM
 		subnet
 	WHERE
 		subnet_id=" . $subnet_id;
 // run query
 $subnet = $db->db_select($query);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_address", $subnet[0]['subnet_address']);
 $smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
 $smarty->display("subnetlocationedit.tpl");
 include("footer.php");
 ?>
--- a/subnetview.php
+++ b/subnetview.php
@ -1,395 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 if(isset($_GET['page'])) {
    $page = sanitize($_GET['page']);
 }
 $smarty->assign("scripts",'changetext.js');
 include("header.php");
 // subnet
 $query = "SELECT
        s.subnet_address,
        s.subnet_mask,
        s.subnet_dhcp_start,
        s.subnet_dhcp_end,
        s.subnet_info,
        s.protocol_version,
        s.ntp_server,
        COUNT(node.subnet_id) AS node_counter
    FROM
        subnet AS s LEFT JOIN node USING (subnet_id)
    WHERE
        s.subnet_id=" . $subnet_id . "
    GROUP BY
        s.subnet_id";
 $subnet = $db->db_select($query);
 // set needed variables
 $subnet_address = $subnet[0]['subnet_address'];
 $subnet_mask = $subnet[0]['subnet_mask'];
 $subnet_dhcpstart = $subnet[0]['subnet_dhcp_start'];
 $subnet_dhcpend = $subnet[0]['subnet_dhcp_end'];
 $subnet_proto_vers = $subnet[0]['protocol_version'];
 $subnet_ntp_server = $subnet[0]['ntp_server'];
 // set counters
 $host_counter = pow(2,(32-$subnet_mask));
 $node_counter = $subnet[0]['node_counter'];
 $subnet_usedpercentage = round((($node_counter/($host_counter-2))*100), 1);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_address", $subnet_address);
 $smarty->assign("subnet_mask", $subnet_mask);
 $smarty->assign("subnet_dhcpstart", $subnet_dhcpstart);
 $smarty->assign("subnet_dhcpend", $subnet_dhcpend);
 $smarty->assign("subnet_info", nl2br($subnet[0]['subnet_info']));
 $smarty->assign("subnet_proto_vers", $subnet_proto_vers);
 $smarty->assign("subnet_ntp_server", $subnet_ntp_server);
 $smarty->assign("node_counter", $node_counter);
 $smarty->assign("subnet_usedpercentage", $subnet_usedpercentage);
 $smarty->assign("config_color_unused", $config_color_unused);
 $smarty->assign("host_counter", $host_counter-2);
 $smarty->assign("free_counter", (($host_counter-2)-$node_counter));
 // subnet
 // split up the range
 $iprange = explode('.', $subnet_address);
 $iprange1 = $iprange[0];
 $iprange2 = $iprange[1];
 $iprange3 = $iprange[2];
 $iprange4 = $iprange[3];
 // create empty subnet-array
 $subnet = array();
 // determine range (Class A/B/C)
 if ($subnet_mask>=24) {
    // Class C
    // fill subnet-array with addresses we want to see
    for($i=0;$i<$host_counter;$i++) {
        // build ip
        $ip = $iprange1 . '.' . $iprange2 . '.' . $iprange3 . '.' . ($iprange4+$i);
        // fill subnet-array
        $subnet[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . $iprange2 . '.' . $iprange3 .  '.' . ($iprange4+$i-1);
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    $smarty->assign("iprange3", $iprange3);
    $smarty->assign("iprange4", $iprange4);
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 255);
    $smarty->assign("subnetmask3", 255);
    $smarty->assign("subnetmask4", 256-$host_counter);
    // no pagination needed
    $smarty->assign("noselect", TRUE);
    $smarty->assign("one_select", FALSE);
    $smarty->assign("two_select", FALSE);
    // set displayed nodes
    $nodes_displayed = $host_counter;
 } else if ($subnet_mask>=16) {
    // Class B
    // which part do we want to see?
    if((empty($page)) ? $page=$subnet_address : $page=$page);
    $page = explode('.', $page);
    $page2 = $page[2];
    // fill subnet-array with addresses we want to see
    for($i=0;$i<256;$i++) {
        // build ip
        $ip = $iprange1 . '.' . $iprange2 . '.' . $page2 .  '.' . $i;
        // fill subnet-array
        $subnet[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . $iprange2 . '.' . ($iprange3+$i-1) .  '.255';
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    // loop addresses in range3
    for($i=$iprange3;$i<(pow(2,(32-$subnet_mask))/256);$i++) {
        // send to tpl
        $smarty->assign("iprange3", $i);
        $smarty->assign("iprange4", 0);
        // set select box
        if($i==$page2) {
            $smarty->assign("row_selected", "selected");
        } else {
            $smarty->assign("row_selected", "");
        }
    }
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 255);
    $smarty->assign("subnetmask3", 256-($host_counter/256));
    $smarty->assign("subnetmask4", 0);
    // one select box
    $smarty->assign("noselect", FALSE);
    $smarty->assign("one_select", TRUE);
    $smarty->assign("two_select", FALSE);
    // set displayed nodes
    $nodes_displayed = 256;
 } else {
    // Class A
    // which part do we want to see?
    if((empty($page)) ? $page=$subnet_address : $page=$page);
    $page = explode('.', $page);
    $page2 = $page[1];
    $page3 = $page[2];
    // fill subnet-array with addresses we want to see
    for($i=0;$i<256;$i++) {
        // build ip
        $ip = $iprange1 . '.' . $page2 . '.' . $page3 .  '.' . $i;
        // fill subnet-array
        $subnet[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . ($iprange2+$i-1) . '.255.255';
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    // loop addresses in range 2
    for ($i=$iprange2; $i<(pow(2,(24-$subnet_mask))/256); $i++) {
        // send to tpl
        $smarty->assign("iprange1", $iprange1);
        $smarty->assign("iprange2", $i);
        $smarty->assign("iprange3", $page3);
        $smarty->assign("iprange4", $iprange4);
        // set select box
        if($i==$page2) {
            $smarty->assign("row1_selected", "selected");
        } else {
            $smarty->assign("row1_selected", "");
        }
        // parse block
        $tp->parse("two_select_row1");
    }
    // loop addresses in range 3
    for($i=0;$i<256;$i++) {
        // send to tpl
        $smarty->assign("iprange1", $iprange1);
        $smarty->assign("iprange2", $page2);
        $smarty->assign("iprange3", $i);
        $smarty->assign("iprange4", $iprange4);
        // set select box
        if($i==$page3) {
            $smarty->assign("row2_selected", "selected");
        } else {
            $smarty->assign("row2_selected", "");
        }
        // parse block
        $tp->parse("two_select_row2");
    }
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 256-($host_counter/65536));
    $smarty->assign("subnetmask3", 0);
    $smarty->assign("subnetmask4", 0);
    // one select box
    $smarty->assign("noselect", FALSE);
    $smarty->assign("one_select", FALSE);
    $smarty->assign("two_select", TRUE);
    // set displayed nodes
    $nodes_displayed = 256;
 }
 // get nodes for this subnetview and implement the values into the array
 $query = "SELECT
        asset.asset_name,
        assetclassgroup.assetclassgroup_color,
        node.node_id,
        node.node_ip
    FROM
        asset,
        assetclass,
        assetclassgroup,
        node
    WHERE
        node.node_ip IN ('".implode("','",array_keys($subnet))."')
        AND node.subnet_id='$subnet_id'
        AND asset.asset_id=node.asset_id
        AND assetclass.assetclass_id=asset.assetclass_id
        AND assetclassgroup.assetclassgroup_id=assetclass.assetclassgroup_id";
 $nodes = $db->db_select($query);
 $node_counter = count($nodes);
 if ($node_counter>0) {
    // get objects
    foreach($nodes AS $node) {
        // add node-values to ip in subnet-array
        $subnet[$node['node_ip']] = $node;
    }
 }
 // replace ip's in subnet-array (if necessary)
 // check for subnet address
 if(array_key_exists($subnet_address, $subnet)) {
    // replace
    $subnet[$subnet_address] = array("subnet_address");
 }
 // check for broadcast address
 if(array_key_exists($broadcast_address, $subnet)) {
    // replace
    $subnet[$broadcast_address] = array("broadcast_address");
 }
 $dhcpstart = 0;
 if ($subnet_dhcpstart && $subnet_dhcpend) {
    $dhcpstart = ip2long($subnet_dhcpstart);
    $dhcpend = ip2long($subnet_dhcpend);
 }
        // loop subnet-array and send to template
            // start counter
 //            $i=1;
            // loop subnet-array
 foreach ($subnet AS $node_ip => $node) {
 // make new line?
 //   if(($i%$_SESSION['suser_imagecount']==0 && $i!=$nodes_displayed) ? $tr="</tr><tr>" : $tr="");
 // check if node-ip in DHCP-area
    $subnet[$node_ip]["dynamic"] = false;
    if ($dhcpstart > 0) {
        $ipval = ip2long($node_ip);
        if (($ipval >= $dhcpstart) and ($ipval <= $dhcpend)) {
            $subnet[$node_ip]["dynamic"] = true;
        }
    }
    // check node
    if (empty($node)) {
        // empty node to tpl
        $subnet[$node_ip]["url"] = 'assigniptonode.php?subnet_id=' . $subnet_id . '&amp;node_ip='. $node_ip;
        $subnet[$node_ip]["remotetext"] = $node_ip;
        if ($subnet[$node_ip]["dynamic"]) {
            $subnet[$node_ip]["assetclassgroup_color"] = $config_color_dynamic;
        } else {
            $subnet[$node_ip]["assetclassgroup_color"] = $config_color_unused;
        }
    } else if (array_key_exists(0, $node) && $node[0]=="subnet_address") {
       // subnet address to tpl
        $subnet[$node_ip]["url"] = "";
        $subnet[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $lang['lang_subnet_subnetaddress'];
        $subnet[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
    } else if (array_key_exists(0, $node) && $node[0]=="broadcast_address") {
        // broadcast address to tpl
        $subnet[$node_ip]["url"] = "";
        $subnet[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $lang['lang_subnet_broadcastaddress'];
        $subnet[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
    } else {
        // node to tpl
        $subnet[$node_ip]["url"] = 'nodeview.php?node_id=' . $node['node_id'];
        $subnet[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $node['asset_name'];
        $subnet[$node_ip]["assetclassgroup_color"] = $node['assetclassgroup_color'];
    }
    // update counter
    //   $i++;
 } // foreach
 $smarty->assign("subnet", $subnet);
 $smarty->assign("imagewrap", $_SESSION['suser_imagecount']);
 // vlan
 $query = "SELECT
        vlan.vlan_id AS vlan_id,
        vlan.vlan_name AS vlan_name,
        vlan.vlan_number AS vlan_number
    FROM
        subnetvlan,
        vlan
    WHERE
        subnetvlan.subnet_id=" . $subnet_id . "
        AND vlan.vlan_id=subnetvlan.vlan_id
    ORDER BY
        vlan.vlan_name";
 // run query
 $vlans = $db->db_select($query);
 $smarty->assign("vlans", $vlans);
 // location
 $query = "SELECT
        l.location_id,
        l.location_name
    FROM
        location AS l LEFT JOIN subnetlocation AS s USING (location_id)
    WHERE
        s.subnet_id=". $subnet_id . "
    ORDER BY
        l.location_name";
 $locations = $db->db_select($query);
 $smarty->assign("locations", $locations);
 // assetclassgroup
 $query = "SELECT
        assetclassgroup_id AS id,
        assetclassgroup_name AS name,
        assetclassgroup_color  AS color,
        COUNT(assetclass_id) AS counter
    FROM subnet
        LEFT JOIN node USING (subnet_id)
        LEFT JOIN asset USING (asset_id)
        LEFT JOIN assetclass USING (assetclass_id)
        LEFT JOIN assetclassgroup USING (assetclassgroup_id)
    WHERE subnet_id=" . $subnet_id . "
    GROUP BY assetclass_id
    ORDER BY counter DESC";
 // run query
 $assetclassgroups = $db->db_select($query);
 $smarty->assign("assetclassgroups", $assetclassgroups);
 $smarty->display("subnetview.tpl");
 include("footer.php");
 ?>
--- a/subnetvlanadd.php
+++ b/subnetvlanadd.php
@ -1,62 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 // subnet
 // build query
 $query = "SELECT
 		subnet_address,
 		subnet_mask
 	FROM
 		subnet
 	WHERE
 		subnet_id=" . $subnet_id;
 // run query
 $subnet = $db->db_select($query);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_address", $subnet[0]['subnet_address']);
 $smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
 // vlan
 $query = " SELECT
 		vlan_id,
 		vlan_number,
 		vlan_name
 	FROM
 		vlan
 	WHERE
 		vlan_id NOT IN (
 			SELECT
 				vlan_id
 			FROM
 				subnetvlan
 			WHERE
 				subnet_id=" . $subnet_id . "
 		)
 	ORDER BY
 		vlan_number";
 $vlans = $db->db_select($query);
 foreach ($vlans as $vlan) {
    $vlan_options[$vlan['vlan_id']] =  $vlan['vlan_name'];
 }
 $smarty->assign("vlan_options", $vlan_options);
 $smarty->display("subnetvlanadd.tpl");
 include("footer.php");
 ?>
--- a/subnetvlandel.php
+++ b/subnetvlandel.php
@ -1,51 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 // subnet
 $query = "SELECT
 		subnet_address,
 		subnet_mask
 	FROM
 		subnet
 	WHERE
 		subnet_id=" . $subnet_id;
 // run query
 $subnet = $db->db_select($query);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_address", $subnet[0]['subnet_address']);
 $smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
 // vlan
 $query = "SELECT
 		v.vlan_id,
 		v.vlan_number,
 		v.vlan_name
 	FROM
 		subnetvlan AS s LEFT JOIN vlan AS v USING (vlan_id)
 	WHERE
 		s.subnet_id="  . $subnet_id . "
 	ORDER BY
 		v.vlan_number";
 // run query
 $vlans = $db->db_select($query);
 $smarty->assign("vlans", $vlans);
 $smarty->display("subnetvlandel.tpl");
 include("footer.php");
 ?>
--- a/subnetvlanedit.php
+++ b/subnetvlanedit.php
@ -1,33 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $query = "SELECT
 		subnet_address,
 		subnet_mask
 	FROM
 		subnet
 	WHERE
 		subnet_id=" . $subnet_id;
 $subnet = $db->db_select($query);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_address", $subnet[0]['subnet_address']);
 $smarty->assign("subnet_mask", $subnet[0]['subnet_mask']);
 $smarty->display("subnetvlanedit.tpl");
 include("footer.php");
 ?>
--- a/tpl/about.tpl
+++ b/tpl/about.tpl
@ -83,6 +83,14 @@
        &nbsp;
    </td>
 </tr>
 <tr>
    <td class="label">
        {$lang_about_changelog_v09}
    </td>
    <td class="value">
        {$lang_about_changelog_v09_ext}
    </td>
 </tr>
 <tr>
    <td class="label">
        {$lang_about_changelog_v08}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Thomas Hooge	8e218fd4ba	Fixed utf8 encoding for ldap dn	2023-12-22 10:42:58 +01:00
Thomas Hooge	7e73d8efbc	Fixed search links	2023-08-29 08:44:13 +02:00
Thomas Hooge	05e85db3a7	Fixed and improved subnet add/edit	2023-03-15 07:43:46 +01:00
Thomas Hooge	303c22160d	Fixed some display bugs and improved icons	2023-03-14 18:58:28 +01:00
Thomas Hooge	34112b8c1c	Fix some image links	2023-03-13 14:58:22 +01:00
Thomas Hooge	c76e8fe9d3	Added administrative password change feature	2023-03-12 17:05:34 +01:00
Thomas Hooge	4266a211e0	Changed language detection code, added some small features	2023-03-12 12:38:43 +01:00
Thomas Hooge	aabd37bd1a	Improved image-buttons and colored image creation	2023-03-11 17:29:44 +01:00
Thomas Hooge	20b54f5b27	Improved MAC address formatting	2023-03-11 08:59:59 +01:00
Thomas Hooge	02980bbad5	Checks before removing objects	2023-03-10 20:03:21 +01:00
Thomas Hooge	8c61638485	Remove footer.php and some small improvements	2023-03-10 19:31:07 +01:00
Thomas Hooge	bfbdc16036	Implement node flags	2023-03-07 14:56:32 +01:00
Thomas Hooge	78b97c5094	Refactored, no more redirects. Improved error messaging system	2023-03-06 19:25:21 +01:00
Thomas Hooge	7cfcaeb9d7	Refactored asset and location	2023-03-04 14:55:07 +01:00
Thomas Hooge	32bd592098	Refactored user, vlan and zone	2023-03-03 19:33:52 +01:00
Thomas Hooge	c63b500d77	Refactored assetclassgroup	2023-03-03 18:14:42 +01:00
Thomas Hooge	ccdcfb968c	Refactored assetclass	2023-03-03 14:36:39 +01:00
Thomas Hooge	f0992b4b64	Some more minor GUI improvements	2023-03-03 07:48:35 +01:00
Thomas Hooge	6ebaea2d45	GUI improvements and new assetclass description	2023-03-02 18:58:04 +01:00
Thomas Hooge	6a5c483c42	Improved cable functions	2023-03-02 13:56:07 +01:00
Thomas Hooge	6e4c4236aa	Some more bugfixing	2023-03-02 10:53:06 +01:00
Thomas Hooge	5e605692dd	Add missing LDAP code to login	2023-03-02 08:40:55 +01:00
Thomas Hooge	1c8021c325	Added counter to assetclass and assetclassgroup views	2023-03-01 17:54:04 +01:00
Thomas Hooge	42a964c4b8	Added symbol for options	2023-03-01 15:52:04 +01:00
Thomas Hooge	f0d187b4c3	More restrictions due to authorization system	2023-03-01 15:12:09 +01:00
Thomas Hooge	0b2da1f00f	Added missing imagelinks in views	2023-03-01 10:10:36 +01:00
Thomas Hooge	ac074eb944	Bumped version to 0.9	2023-03-01 10:02:42 +01:00
Thomas Hooge	db26ffa611	Features LDAP, Rights, Cables, Menu improvements and bug fixing	2023-02-28 19:21:42 +01:00
Thomas Hooge	26e9c89405	Assettype field for active/passive network-components	2023-02-24 15:20:25 +01:00
Thomas Hooge	42e327776c	Interface count for asset	2023-02-24 14:46:24 +01:00
Thomas Hooge	6c9a169600	Some more small fixes in user admin code	2023-02-24 14:21:28 +01:00
Thomas Hooge	02b3cfd23f	Fix bugs in location code	2023-02-24 13:39:05 +01:00
Thomas Hooge	0696a16030	Merge branch 'pdo'	2023-02-24 12:59:23 +01:00
Thomas Hooge	e74bde2d14	Subsequent fixes after major changes for PDO	2023-02-24 12:16:25 +01:00
Thomas Hooge	b144555e46	Added LDAP auth	2023-02-24 09:29:18 +01:00
Thomas Hooge	7d6450706f	Fix password change code	2023-02-23 12:30:11 +01:00
Thomas Hooge	cb7f8ef649	Updated databasescript for new hashing algorithm	2023-02-23 10:56:00 +01:00
Thomas Hooge	08c6d42b3c	Implemented better password hashing algorithm	2023-02-23 10:50:48 +01:00
Thomas Hooge	c13c7494bf	Preselect subnet in options if defined	2023-02-22 10:55:49 +01:00
Thomas Hooge	7c300e0a8f	Changed database access to PDO using prepared statements	2023-02-22 10:50:24 +01:00
Thomas Hooge	a4ecd1bff7	Fix PHP warnings and notices	2023-02-18 08:34:32 +01:00
Thomas Hooge	be9610cd98	Fix styles and scripts in header	2023-02-18 07:49:25 +01:00