Fixed utf8 encoding for ldap dn

Fixed search links
Fixed and improved subnet add/edit
2023-12-22 10:42:58 +01:00 · 2023-08-29 08:44:13 +02:00 · 2023-03-15 07:43:46 +01:00 · 2023-03-14 18:58:28 +01:00 · 2023-03-13 14:58:22 +01:00 · 2023-03-12 17:05:34 +01:00
178 changed files with 4028 additions and 3927 deletions
--- a/about.php
+++ b/about.php
@ -12,5 +12,4 @@ include("header.php");
 $smarty->display("about.tpl");
-include("footer.php");
+$smarty->display("footer.tpl");
 ?>
--- a/asset.php
+++ b/asset.php
@ -9,39 +9,253 @@ SPDX-License-Identifier: GPL-3.0-or-later
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'insert':
        $name = sanitize($_POST['asset_name']);
        $hostname = sanitize($_POST['asset_hostname']);
        $assetclass_id = sanitize($_POST['assetclass_id']);
        $info = sanitize($_POST['asset_info']);
        $intf = sanitize($_POST['asset_intf']);
        $asset_type = sanitize($_POST['asset_type']);
        $sql = "INSERT INTO asset
                    (asset_name, asset_hostname, assetclass_id, asset_info,
                     asset_intf, asset_type)
                VALUE 
                    (?, ?, ?, ?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$name, $hostname, $assetclass_id, $info, $intf, $asset_type]);
        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break;
    case 'update':
        $asset_name = sanitize($_POST['asset_name']);
        $asset_info = sanitize($_POST['asset_info']);
        $asset_intf = sanitize($_POST['asset_intf']);
        $asset_hostname = sanitize($_POST['asset_hostname']);
        $assetclass_id = sanitize($_POST['assetclass_id']);
        $asset_type = sanitize($_POST['asset_type']);
        $sql = "UPDATE asset SET
                    asset_name=?, asset_info=?, asset_hostname=?,
                    assetclass_id=?, asset_intf=?, asset_type=?
                WHERE asset_id=?";
        $sth = $dbh->prepare($sql);
        try {
            $sth->execute([$asset_name, $asset_info, $asset_hostname, 
                           $assetclass_id, $asset_intf, $asset_type,
                           $id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        // Ext. links
        if ($config_ext['zabbix']['enabled'] and isset($_POST['x_zbx_host'])) {
            $zbx_host = sanitize($_POST['x_zbx_host']);
            $sql = "SELECT extlink_id FROM extlink WHERE asset_id=? AND extlink_type='zabbix'";
            $sth = $dbh->prepare($sql);
            $sth->execute([$id]);
            if ($linkid = $sth->fetchColumn()) {
                $sql = "UPDATE extlink SET extlink_refid=? WHERE extlink_id=?";
                $sth = $dbh->prepare($sql);
                $sth->execute([$zbx_host, $linkid]);
            } else {
                $sql = "INSERT INTO extlink (asset_id, extlink_type, extlink_refid) VALUES (?, 'zabbix', ?)";
                $sth = $dbh->prepare($sql);
                $sth->execute([$id, $zbx_host]);
            }
        }
        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("DELETE FROM asset WHERE asset_id=?");
        $sth->execute([$id]);
        $sth = $dbh->prepare("DELETE FROM node WHERE asset_id=?");
        try {
            $sth->execute([$id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
 if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 // create letter links
-$sql = "SELECT DISTINCT SUBSTRING(UPPER(asset_name),1,1) AS asset_letter
+$sql = "SELECT DISTINCT SUBSTRING(UPPER(asset_name),1,1) AS bst
 	FROM asset
-	ORDER BY asset_letter";
+	ORDER BY bst";
 $sth = $dbh->query($sql);
 $alphabet = $sth->fetchAll();
 $alphabet[] = ['bst' => '*'];
 $smarty->assign("alphabet", $alphabet);
 // total asset count
 $sth = $dbh->query("SELECT COUNT(*) FROM asset");
-$smarty->assign("assetcount", $sth->fetchColumn());
+$assetcount = $sth->fetchColumn();
 $smarty->assign("assetcount", $assetcount);
 // assets for current letter
-if (isset($_GET['asset_letter'])) {
+if (isset($_GET['bst'])) {
-    $asset_letter = sanitize($_GET['asset_letter']);
+    $bst = sanitize($_GET['bst']);
 } else {
-   $asset_letter = $alphabet[0]['asset_letter'];
+   $bst = $alphabet[0]['bst'];
 }
 $sql = "SELECT a.asset_id, IF(LENGTH(a.asset_name)>0, a.asset_name, '...') AS asset_name,
            a.asset_info, c.assetclass_id, c.assetclass_name
-	FROM asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
+	FROM asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)";
-	WHERE SUBSTRING(a.asset_name,1,1)=?
+if ($bst != '*') {
-	ORDER BY a.asset_name";
+    $sql .= " WHERE SUBSTRING(a.asset_name,1,1)=?";
    $p = array($bst);
 } else {
    $p = array();
 }
 $sql .=	" ORDER BY a.asset_name";
 $sth = $dbh->prepare($sql);
-$sth->execute([$asset_letter]);
+$sth->execute($p);
 $smarty->assign("assets", $sth->fetchAll());
 $smarty->display("asset.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 if((isset($_GET['assetclass_id'])) ? $assetclass_id = sanitize($_GET['assetclass_id']) : $assetclass_id = "");
 $smarty->assign("assetclass_id", $assetclass_id);
 $sql = "SELECT assetclass_id, assetclass_name
        FROM assetclass
 	ORDER BY assetclass_name";
 $sth = $dbh->query($sql);
 $types = db_load_enum('asset','asset_type');
 $smarty->assign("type_ids", $types);
 $smarty->assign("type_names", $types);
 $smarty->assign("type_selected", $types[0]);
 $assetclass_options = array();
 foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
    $assetclass_options[$rec[0]] = $rec[1];
 }
 $smarty->assign("assetclass_options", $assetclass_options);
 $smarty->display("assetadd.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 $sql = "SELECT a.asset_id, a.asset_name, a.asset_hostname, a.asset_info,
            a.asset_intf, a.asset_type, c.assetclass_id, c.assetclass_name
        FROM asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
        WHERE a.asset_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $asset = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("asset", $asset);
 $sql = "SELECT node_id, node_ip, node.node_flags & 0x1 = 1 AS deleted,
            CONCAT(LEFT(node_info, 40), IF(CHAR_LENGTH(node_info)>40,'...','')) AS node_info
        FROM node
        WHERE asset_id=?
        ORDER BY INET_ATON(node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("nodes", $sth->fetchAll(PDO::FETCH_ASSOC));
 // external systems
 // extlink_id
 // asset_id
 // Type:  enum('cdb','zabbix','topdesk', osticket
 // ID: extlink_refid  int
 //     extlink_uid string
 if ($config_ext['zabbix']['enabled']) {
    $smarty->assign("zabbix", true);
    $sql = "SELECT extlink_refid FROM extlink WHERE extlink_type='zabbix' AND asset_id=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$id]);
    $refid = $sth->fetchColumn();
    // TODO fetch ext data here
    //$zbx = new PDO('mysql:host='.$config_ext['zabbix']['host'].';dbname='.$config_ext['zabbix']['db'].';', $config_ext['zabbix']['user'], $config_ext['zabbix']['pass']);
    //$zbx->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    //$zbx->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    $smarty->assign('refid', $refid);
 }
 $smarty->display("assetview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT asset_id, asset_name, asset_hostname, asset_info, asset_intf,
            assetclass_id, asset_type
 	FROM asset
 	WHERE asset_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("asset", $sth->fetch(PDO::FETCH_OBJ));
 // Type selection
 $smarty->assign("type_ids", ['active', 'passive']);
 $smarty->assign("type_names", ['Active', 'Passive']);
 $smarty->assign("assetclass_options", db_get_options_assetclass());
 $smarty->display("assetedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 // asset to delete	
 $sth = $dbh->prepare("SELECT asset_name FROM asset WHERE asset_id=?");
 $sth->execute([$id]);
 $smarty->assign("asset_id", $id);
 $smarty->assign("asset_name", $sth->fetchColumn());
 // nodes to delete
 $sql = "SELECT node_id, node_ip FROM node WHERE asset_id=? ORDER BY INET_ATON(node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$asset_id]);
 $smarty->assign("nodes", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetdel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/assetadd.php
+++ b/assetadd.php
@ -1,36 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if((isset($_GET['assetclass_id'])) ? $assetclass_id = sanitize($_GET['assetclass_id']) : $assetclass_id = "");
 include("header.php");
 $sql = "SELECT assetclass_id, assetclass_name
        FROM assetclass
 	ORDER BY assetclass_name";
 $sth = $dbh->query($sql);
 $types = db_load_enum('asset','asset_type');
 $smarty->assign("type_ids", $types);
 $smarty->assign("type_names", $types);
 $smarty->assign("type_selected", $types[0]);
 $assetclass_options = array();
 foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
    $assetclass_options[$rec[0]] = $rec[1];
 }
 $smarty->assign("assetclass_options", $assetclass_options);
 $smarty->display("assetadd.tpl");
 include("footer.php");
 ?>
--- a/assetclass.php
+++ b/assetclass.php
@ -8,16 +8,167 @@ SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'insert':
        $name = sanitize($_POST['assetclass_name']);
        $description = sanitize($_POST['assetclass_description']);
        $group_id = sanitize($_POST['assetclassgroup_id']);
        $sql = "INSERT INTO assetclass
                      (assetclass_name, assetclass_description, assetclassgroup_id)
            VALUE
                (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        try {
            $sth->execute([$name, $description, $group_id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break;
    case 'update':
        $name = sanitize($_POST['assetclass_name']);
        $description = sanitize($_POST['assetclass_description']);
        $group_id = sanitize($_POST['assetclassgroup_id']);
        $sql = "UPDATE assetclass SET
                    assetclass_name=?, assetclass_description=?,
                    assetclassgroup_id=?
                WHERE assetclass_id=?";
        $sth = $dbh->prepare($sql);
        try {
            $sth->execute([$name, $description, $group_id, $id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("SELECT COUNT(*) FROM asset WHERE assetclass_id=?");
        $sth->execute([$id]);
        if ($sth->fetchColumn() > 0) {
            $g_warning->Add("Objektklasse kann nicht gelöscht werden, da noch zugeordnete Objekte vorhanden sind.");
            $action = ACT_VIEW;
            break;
        }
        $sth = $dbh->prepare("DELETE FROM assetclass WHERE assetclass_id=?");
        try {
            $sth->execute([$id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
-$sql = "SELECT a.assetclass_id, a.assetclass_name, g.assetclassgroup_id,
+if ($action == ACT_DEFAULT):
-            g.assetclassgroup_name, g.assetclassgroup_color
+// ========== VARIANT: default behavior =======================================
-	FROM assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
+
-	ORDER BY a.assetclass_name";
+$sql = "SELECT c.assetclass_id AS id, c.assetclass_name AS name, c.assetclassgroup_id AS group_id,
            g.assetclassgroup_name AS group_name, g.assetclassgroup_color AS color,
            COUNT(a.asset_id) AS count_asset
        FROM assetclass AS c
            LEFT JOIN assetclassgroup AS g USING (assetclassgroup_id)
            LEFT JOIN asset AS a USING (assetclass_id)
        GROUP BY id, name, group_id, group_name, color
        ORDER BY c.assetclass_name";
 $sth = $dbh->query($sql);
 $smarty->assign("assetclasses", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetclass.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 if (isset($_GET['assetclassgroup_id'])) {
    $group_id = sanitize($_GET['assetclassgroup_id']);
 } else {
    $group_id = '';
 }
 $smarty->assign("group_id", $group_id);
 $smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup());
 $smarty->display("assetclassadd.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 $sql = "SELECT a.assetclass_id, a.assetclass_name, g.assetclassgroup_id,
            a.assetclass_description,
            g.assetclassgroup_name, g.assetclassgroup_color
        FROM assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
        WHERE a.assetclass_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
 $sql = "SELECT asset_id, asset_name,
            CONCAT(LEFT(asset_info, 80), IF(CHAR_LENGTH(asset_info)>80,'...','')) AS asset_info
        FROM asset
        WHERE assetclass_id=?
        ORDER BY asset_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assets", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetclassview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT assetclass_id AS id, assetclass_name AS name,
            assetclass_description AS description,
            assetclassgroup_id AS group_id
        FROM assetclass
        WHERE assetclass_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup());
 $smarty->display("assetclassedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $sql = "SELECT assetclass_id AS id, assetclass_name AS name
        FROM assetclass
        WHERE assetclass_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("assetclassdel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/assetclassadd.php
+++ b/assetclassadd.php
@ -1,20 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if((isset($_GET['assetclassgroup_id'])) ? $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']) : $assetclassgroup_id = "");
 include("header.php");
 $smarty->assign("assetclassgroup_options", db_get_options_assetclassgroup());
 $smarty->display("assetclassadd.tpl");
 include("footer.php");
 ?>
--- a/assetclassdel.php
+++ b/assetclassdel.php
@ -1,26 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclass_id = sanitize($_GET['assetclass_id']);
 include("header.php");
 $sql = "SELECT assetclass_id AS id, assetclass_name AS name
        FROM assetclass
 	WHERE assetclass_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$assetclass_id]);
 $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("assetclassdel.tpl");
 include("footer.php");
 ?>
--- a/assetclassedit.php
+++ b/assetclassedit.php
@ -1,29 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclass_id = sanitize($_GET['assetclass_id']);
 include("header.php");
 $sql = "SELECT assetclass_id AS id, assetclass_name AS name,
            assetclassgroup_id AS group_id
        FROM assetclass
        WHERE assetclass_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$assetclass_id]);
 $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("assetclassgroup_options", db_get_options_assetclass());
 $smarty->display("assetclassedit.tpl");
 include("footer.php");
 ?>
--- a/assetclassgroup.php
+++ b/assetclassgroup.php
@ -8,16 +8,156 @@ SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'insert':
        $name = sanitize($_POST['acg_name']);
        $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
        $desc = sanitize($_POST['acg_description']);
        $sql = "INSERT INTO assetclassgroup
                    (assetclassgroup_name, assetclassgroup_color, assetclassgroup_description)
                VALUE
                    (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        try {
            $sth->execute([$name, $color, $desc]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break;
    case 'update':
        $acg_name = sanitize($_POST['acg_name']);
        $acg_desc = sanitize($_POST['acg_description']);
        $acg_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
        $sql = "UPDATE assetclassgroup SET
                    assetclassgroup_name=?, assetclassgroup_color=?, assetclassgroup_description=?
                WHERE assetclassgroup_id=?";
        $sth = $dbh->prepare($sql);
        try {
            $sth->execute([$acg_name, $acg_color, $acg_desc, $id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("SELECT COUNT(*) FROM assetclass WHERE assetclassgroup_id=?");
        $sth->execute([$id]);
        if ($sth->fetchColumn() > 0) {
            $g_warning->Add("Objektklassengruppe kann nicht gelöscht werden, da noch zugeordnete Objektklassen vorhanden sind.");
            $action = ACT_VIEW;
            break;
        }
        $sth = $dbh->prepare("DELETE FROM assetclassgroup WHERE assetclassgroup_id=?");
        try {
            $sth->execute([$id]);
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 $smarty->assign("scripts", 'jscolor.js');
 include("header.php");
-$sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name,
+if ($action == ACT_DEFAULT):
-            assetclassgroup_color AS color, assetclassgroup_description AS description
+// ========== VARIANT: default behavior =======================================
-        FROM assetclassgroup
+
-        ORDER BY assetclassgroup_name";
+$sql = "SELECT g.assetclassgroup_id AS id, g.assetclassgroup_name AS name,
            g.assetclassgroup_color AS color, g.assetclassgroup_description AS description,
            COUNT(c.assetclass_id) AS count_class
        FROM assetclassgroup AS g LEFT JOIN assetclass AS c USING (assetclassgroup_id)
        GROUP BY id, name, color, description
        ORDER BY g.assetclassgroup_name";
 $sth = $dbh->query($sql);
 $smarty->assign('assetclassgroups', $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetclassgroup.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 $smarty->display("assetclassgroupadd.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 $sql = "SELECT assetclassgroup_id AS id,
            assetclassgroup_name AS name,
            assetclassgroup_color AS color,
            assetclassgroup_description AS description
        FROM assetclassgroup
        WHERE assetclassgroup_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
 $sql = "SELECT assetclass_id, assetclass_name
        FROM assetclass
        WHERE assetclassgroup_id=?
        ORDER BY assetclass_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclasses", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetclassgroupview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name,
            assetclassgroup_color AS color,
            assetclassgroup_description AS description
        FROM assetclassgroup
        WHERE assetclassgroup_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("assetclassgroupedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name
        FROM assetclassgroup
        WHERE assetclassgroup_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("assetclassgroupdel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/assetclassgroupadd.php
+++ b/assetclassgroupadd.php
@ -1,18 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $smarty->assign("scripts", 'jscolor.js');
 include("header.php");
 $smarty->display("assetclassgroupadd.tpl");
 include("footer.php");
 ?>
--- a/assetclassgroupdel.php
+++ b/assetclassgroupdel.php
@ -1,26 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
 include("header.php");
 $sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name
        FROM assetclassgroup
        WHERE assetclassgroup_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$assetclassgroup_id]);
 $smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("assetclassgroupdel.tpl");
 include("footer.php");
 ?>
--- a/assetclassgroupedit.php
+++ b/assetclassgroupedit.php
@ -1,30 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
 $smarty->assign("scripts", 'jscolor.js');
 include("header.php");
 $sql = "SELECT assetclassgroup_id AS id, assetclassgroup_name AS name,
            assetclassgroup_color AS color,
            assetclassgroup_description AS description
        FROM assetclassgroup
        WHERE assetclassgroup_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$assetclassgroup_id]);
 $smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("assetclassgroupedit.tpl");
 include("footer.php");
 ?>
--- a/assetclassgroupview.php
+++ b/assetclassgroupview.php
@ -1,37 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclassgroup_id = sanitize($_GET['assetclassgroup_id']);
 include("header.php");
 $sql = "SELECT assetclassgroup_id AS id,
            assetclassgroup_name AS name,
            assetclassgroup_color AS color,
            assetclassgroup_description AS description
        FROM assetclassgroup
        WHERE assetclassgroup_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$assetclassgroup_id]);
 $smarty->assign("assetclassgroup", $sth->fetch(PDO::FETCH_OBJ));
 $sql = "SELECT assetclass_id, assetclass_name
        FROM assetclass
        WHERE assetclassgroup_id=?
        ORDER BY assetclass_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$assetclassgroup_id]);
 $smarty->assign("assetclasses", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetclassgroupview.tpl");
 include("footer.php");
 ?>
--- a/assetclassview.php
+++ b/assetclassview.php
@ -1,36 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $assetclass_id = sanitize($_GET['assetclass_id']);
 include("header.php");
 $sql = "SELECT a.assetclass_id, a.assetclass_name, g.assetclassgroup_id,
            g.assetclassgroup_name, g.assetclassgroup_color
 	FROM assetclass AS a LEFT OUTER JOIN assetclassgroup AS g USING (assetclassgroup_id)
 	WHERE a.assetclass_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$assetclass_id]);
 $smarty->assign("assetclass", $sth->fetch(PDO::FETCH_OBJ));
 $sql = "SELECT asset_id, asset_name,
            CONCAT(LEFT(asset_info, 80), IF(CHAR_LENGTH(asset_info)>80,'...','')) AS asset_info
 	FROM asset
 	WHERE assetclass_id=?
 	ORDER BY asset_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$assetclass_id]);
 $smarty->assign("assets", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetclassview.tpl");
 include("footer.php");
 ?>
--- a/assetdel.php
+++ b/assetdel.php
@ -1,31 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $asset_id = sanitize($_GET['asset_id']);
 include("header.php");
 // asset to delete	
 $sth = $dbh->prepare("SELECT asset_name FROM asset WHERE asset_id=?");
 $sth->execute([$asset_id]);
 $smarty->assign("asset_id", $asset_id);
 $smarty->assign("asset_name", $sth->fetchColumn());
 // nodes to delete
 $sql = "SELECT node_id, node_ip FROM node WHERE asset_id=? ORDER BY INET_ATON(node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$asset_id]);
 $smarty->assign("nodes", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetdel.tpl");
 include("footer.php");
 ?>
--- a/assetedit.php
+++ b/assetedit.php
@ -1,33 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $asset_id = sanitize($_GET['asset_id']);
 include("header.php");
 $sql = "SELECT asset_id, asset_name, asset_hostname, asset_info, asset_intf,
            assetclass_id, asset_type
 	FROM asset
 	WHERE asset_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$asset_id]);
 $smarty->assign("asset", $sth->fetch(PDO::FETCH_OBJ));
 // Type selection
 $smarty->assign("type_ids", ['active', 'passive']);
 $smarty->assign("type_names", ['Active', 'Passive']);
 $smarty->assign("assetclass_options", db_get_options_assetclass());
 $smarty->display("assetedit.tpl");
 include("footer.php");
 ?>
--- a/assetview.php
+++ b/assetview.php
@ -1,36 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $asset_id = sanitize($_GET['asset_id']);
 include("header.php");
 $sql = "SELECT a.asset_id, a.asset_name, a.asset_hostname, a.asset_info,
            a.asset_intf, a.asset_type, c.assetclass_id, c.assetclass_name
 	FROM asset AS a LEFT OUTER JOIN assetclass AS c USING (assetclass_id)
 	WHERE a.asset_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$asset_id]);
 $asset = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("asset", $asset);
 $sql = "SELECT node_id, node_ip, LEFT(node_info, 40) as node_info
 	FROM node
 	WHERE asset_id=?
 	ORDER BY INET_ATON(node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$asset_id]);
 $smarty->assign("nodes", $sth->fetchAll(PDO::FETCH_ASSOC));
 $smarty->display("assetview.tpl");
 include("footer.php");
 ?>
--- a/assigniptonode.php
+++ b/assigniptonode.php
@ -1,29 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_ip = sanitize($_GET['node_ip']);
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask 
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("node_ip", $node_ip);
 $smarty->display("assigniptonode.tpl");
 include("footer.php");
 ?>
--- a/assignnodetoasset.php
+++ b/assignnodetoasset.php
@ -1,28 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $asset_id = sanitize($_GET['asset_id']);
 $node_ip = sanitize($_GET['node_ip']);
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $smarty->assign("node_ip", $node_ip);
 $smarty->assign("asset_id", $asset_id);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("asset_options", db_get_options_asset());
 $smarty->assign("subnet_options",  db_get_options_subnet());
 $smarty->display("assignnodetoasset.tpl");
 include("footer.php");
 ?>
--- a/cable.php
+++ b/cable.php
@ -10,7 +10,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
 include("includes.php");
 if ($_SESSION['suser_role_admin'] == 0) {
-    header_location('comments.php?comments=accessdenied');
+    $g_error->add('Access denied!');
    $action = ACT_ERR_DENIED;
 }
 if (isset($_REQUEST['id'])) {
@ -33,19 +34,43 @@ switch ($submit = form_get_action()) {
    case 'insert':
        $description = sanitize($_POST['description']);
        $length = sanitize($_POST['length']);
        $color = sanitize($_POST['color']);
        $type = sanitize($_POST['cable_type']);
        $links = sanitize($_POST['links']);
        $info = sanitize($_POST['info']);
        $sql = "INSERT INTO cable
-                    (cable_description, cable_color, cable_info)
+                    (cable_description, cable_color, cable_type, cable_links, 
                    cable_length, cable_info)
                VALUES
-                    (:description, :color, :info)";
+                    (:description, :color, :type, :links, 
                    :length, :info)";
        $sth = $dbh->prepare($sql);
-        $sth->bindValue(':description', $description, PDO::PARAM_STR);
+        try {
-        $sth->bindValue(':color', $color, PDO::PARAM_STR);
+            $sth->bindValue(':description', $description, PDO::PARAM_STR);
-        $sth->bindValue(':info', $info, PDO::PARAM_STR);
+            $sth->bindValue(':length', $length, PDO::PARAM_INT);
-        $sth->execute();
+            $sth->bindValue(':color', $color, PDO::PARAM_STR);
-        $id = $dbh->lastInsertId();
+            $sth->bindValue(':type', $type, PDO::PARAM_STR);
-        $action = ACT_VIEW;
+            $sth->bindValue(':links', $info, PDO::PARAM_INT);
            $sth->bindValue(':info', $info, PDO::PARAM_STR);
            $sth->execute();
            $id = $dbh->lastInsertId();
            $action = ACT_VIEW;
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
            if ($e->getCode() == 23000) {
                // duplicate key
                $g_warning->Add("Save failed");
                $g_warning->Add("Cable description '$description' already in use!");
            }
            // reassign entered values
            $smarty->assign('length', $length);
            $smarty->assign('type', $type);
            $smarty->assign('links', $links);
            $smarty->assign('color', $color);
            $smarty->assign('info', $info);
            $action = ACT_ADD;
        }
        break;
    case 'update':
@ -53,12 +78,14 @@ switch ($submit = form_get_action()) {
        $color = sanitize($_POST['color']);
        $length = sanitize($_POST['length']);
        $type = sanitize($_POST['cable_type']);
        $links = sanitize($_POST['links']);
        $info = sanitize($_POST['info']);
        $sql = "UPDATE cable
                SET cable_description=:desc,
                    cable_color=:color,
                    cable_length=:length,
                    cable_type=:type,
                    cable_links=:links,
                    cable_info=:info
                WHERE cable_id=:id";
        $sth = $dbh->prepare($sql);
@ -67,14 +94,23 @@ switch ($submit = form_get_action()) {
        $sth->bindValue(':length', $length, PDO::PARAM_INT);
        $sth->bindValue(':color', $color, PDO::PARAM_STR);
        $sth->bindValue(':type', $type, PDO::PARAM_STR);
        $sth->bindValue(':links', $links, PDO::PARAM_INT);
        $sth->bindValue(':info', $info, PDO::PARAM_STR);
-        $sth->execute();
+        try {
            $sth->execute();
        } catch (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("DELETE FROM cable WHERE cable_id=?");
-        $sth->execute([$id]);
+        try {
            $sth->execute([$id]);
        } catch  (PDOException $e) {
            $g_error->Add($e->getMessage());
        }
        $action = ACT_DEFAULT;
        break;
@ -149,6 +185,14 @@ $smarty->assign('description', $sth->fetchColumn());
 $smarty->display('cabledel.tpl');
 elseif ($action == ACT_ERR_DENIED):
 // ========== ERROR ACCESS TO PAGE DENIED =====================================
 if (isset($_SERVER['HTTP_REFERER'])) {
    echo '<p"><a href="', $_SERVER['HTTP_REFERER'], '">', "Back to last page</a></p>\n";
 }
 echo "<p></p>";
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
--- a/comments.php
+++ b/comments.php
@ -1,22 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 include("header.php");
 $comments = sanitize($_GET['comments']);
 $smarty->assign("comments", $lang['lang_comments_' . $comments]);
 $smarty->display("comments.tpl");
 include("footer.php");
 ?>
--- a/config.php-sample
+++ b/config.php-sample
@ -7,6 +7,9 @@ Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 // application settings
 $config_app_session = 'ipreg';
 // db connection
 $config_mysql_host = 'localhost';
 $config_mysql_username = 'ipreg';
@ -33,4 +36,11 @@ $config_ldap_login_attr = 'uid';
 $config_ldap_bind_dn = 'cn=dummy,ou=organizationalunit,dc=example,dc=com';
 $config_ldap_bind_pass = 'secret';
-?>
+// external systems
 $config_ext[] = [
    'zabbix' => ['enabled' => false,
                 'host' => 'localhost',
                 'db' => 'zabbix',
                 'user' => 'ipreg',
                 'pass' => 'topsecret']
    ];
--- a/footer.php
+++ b/footer.php
@ -1,13 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 $smarty->assign("config_version", $config_version);
 $smarty->display("footer.tpl");
 ?>
--- a/header.php
+++ b/header.php
@ -43,6 +43,9 @@ if ($_SESSION['suser_menu_locations']) {
 if ($_SESSION['suser_menu_nodes']) {
    $menu[] = '<a href="node.php">' . $lang['lang_nodes'] . "</a>\n";
 }
 if ($_SESSION['suser_menu_nats']) {
    $menu[] = '<a href="nat.php">' . $lang['lang_nats'] . "</a>\n";
 }
 if ($_SESSION['suser_menu_subnets']) {
    $menu[] = '<a href="subnet.php">' . $lang['lang_subnets'] . "</a>\n";
 }
@ -58,4 +61,4 @@ if ($_SESSION['suser_menu_zones']) {
 $smarty->assign("menu", implode(' | ', $menu));
 $smarty->display("header.tpl");
-?>
+
--- a/image.php
+++ b/image.php
@ -7,75 +7,33 @@ Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
-include("includes.php");
+include('config.php');
-if(isset($_GET['icon'])) {
+session_name($config_app_session);
-	$icon = sanitize($_GET['icon']);
+session_start();
-	switch($icon) {
+function valid_color($color, $default='888888') {
-		case ("add") :
+    // safe return a 6 character color string in uppercase
-			$png = 'page_add';
+    // input can be length of 3 or 6
-		break;
+    if (! isset($color) or ! ctype_xdigit($color)) {
-		case ("back") :
+        return $default;
-			$png = 'control_rewind_blue';
+    }
-		break;
+    if(strlen($color) == 3) {
-		case ("cancel") :
+        // duplicate characters
-			$png = 'control_rewind_blue';
+        $col6 = '';
-		break;
+        for ($i=1; $i<=3; $i++) {
-		case ("comment") :
+            $col6 .= $color[$i].$color[$i];
-			$png = 'comment';
+        }
-		break;
+        return strtoupper($col6);
-		case ("delete") :
+    }
-			$png = 'page_delete';
+    return strtoupper($color);
 		break;
 		case ("shred") :
 			$png = 'bin';
 		break;
 		case ("edit") :
 			$png = 'page_edit';
 		break;
 		case ("error") :
 			$png = 'error';
 		break;
 		case ("help") :
 			$png = 'help';
 		break;
 		case ("logo") :
 			$png = 'logo';
 		break;
 		case ("next") :
 			$png = 'control_fastforward_blue';
 		break;
 		case ("save") :
 			$png = 'page_save';
 		break;
 		case ("search") :
 			$png = 'magnifier';
 		break;
 	}
 	$image = imagecreatefrompng("images/" . $png . ".png");
 	imagealphablending($image, true);
 	imagesavealpha($image, true);
 	header('Content-type: image/png');
 	imagepng($image);
 	imagedestroy($image);
 }
-if(isset($_GET['color'])) {
+$color = valid_color($_GET['color'], '444');
-	$color = sanitize($_GET['color']);
+$image = imagecreatetruecolor($_SESSION['suser_imagesize'], $_SESSION['suser_imagesize']);
 $color = imagecolorallocate($image, hexdec(substr($color,0,2)), hexdec(substr($color,2,2)), hexdec(substr($color,4,2)));
 imagefill($image, 0, 0, $color);
-	$image = imagecreatetruecolor($_SESSION['suser_imagesize'], $_SESSION['suser_imagesize']);
+header('Content-type: image/png');
-	
+imagepng($image);
-	$color = imagecolorallocate($image, hexdec(substr($color,0,2)), hexdec(substr($color,2,2)), hexdec(substr($color,4,2)));
+imagedestroy($image);
 	imagefill($image, 0, 0, $color);
 	header('Content-type: image/png');
 	imagepng($image);
 	imagedestroy($image);
 }
 ?>
--- a/images/page_add.png
+++ b/images/page_add.png
--- a/images/brick_add.png
+++ b/images/brick_add.png
--- a/images/brick_delete.png
+++ b/images/brick_delete.png
--- a/images/brick_edit.png
+++ b/images/brick_edit.png
--- a/images/page_delete.png
+++ b/images/page_delete.png
--- a/images/page_edit.png
+++ b/images/page_edit.png
--- a/images/control_fastforward_blue.png
+++ b/images/control_fastforward_blue.png
--- a/images/key_add.png
+++ b/images/key_add.png
--- a/images/nat.png
+++ b/images/nat.png
--- a/images/control_rewind_blue.png
+++ b/images/control_rewind_blue.png
--- a/images/page_save.png
+++ b/images/page_save.png
--- a/images/tag-blue.png
+++ b/images/tag-blue.png
--- a/images/tag_add.png
+++ b/images/tag_add.png
--- a/images/tag_delete.png
+++ b/images/tag_delete.png
--- a/images/tag_edit.png
+++ b/images/tag_edit.png
--- a/includes.php
+++ b/includes.php
@ -7,17 +7,23 @@ Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
-session_name('ipreg');
+include('config.php');
 session_name($config_app_session);
 session_start();
-// check for user_id, if unnkown, redirect to login
+// check for user_id, if unknown, redirect to login
 if (empty($_SESSION['suser_id'])) {
-    $_SESSION['prelogin'] = $_SERVER['REQUEST_URI'];
+    if (isset($_SERVER['REQUEST_URI'])) {
        $_SESSION['prelogin'] = $_SERVER['REQUEST_URI'];
    }
    header("Location: login.php");
    exit;
 }
-include("config.php");
+// required config vars, may be overwritten later
 $config_auth_ldap = false;
 $config_ext = array();
 // connect to database
 $dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8", $config_mysql_username, $config_mysql_password);
@ -26,6 +32,4 @@ $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
 include("lib.php");
-$language = lang_getfrombrowser($config_lang, $config_lang_default, null, false);
+// $language = lang_getfrombrowser($config_lang, $config_lang_default);
 ?>
--- a/index.php
+++ b/index.php
@ -14,30 +14,45 @@ include("header.php");
 // Statistics
 // asset
-$sth = $dbh->query("SELECT COUNT(asset_id) AS asset_counter FROM asset");
+$sth = $dbh->query("SELECT COUNT(asset_id) FROM asset");
 $smarty->assign("asset_counter", $sth->fetchColumn());
 // assetclass
 $sth = $dbh->query("SELECT COUNT(assetclass_id) AS asset_counter FROM assetclass");
 $smarty->assign("assetclass_counter", $sth->fetchColumn());
 // assetclassgroup
 $sth = $dbh->query("SELECT COUNT(assetclassgroup_id) FROM assetclassgroup");
 $smarty->assign("assetclassgroup_counter", $sth->fetchColumn());
 // location
-$sth = $dbh->query("SELECT COUNT(location_id) AS location_counter FROM location");
+$sth = $dbh->query("SELECT COUNT(location_id) FROM location");
 $smarty->assign("location_counter", $sth->fetchColumn());
 // node
-$sth = $dbh->query("SELECT COUNT(node_id) AS node_counter FROM node");
+$sth = $dbh->query("SELECT COUNT(node_id) FROM node");
 $smarty->assign("node_counter", $sth->fetchColumn());
 // subnet
-$sth = $dbh->query("SELECT COUNT(subnet_id) AS subnet_counter FROM subnet");
+$sth = $dbh->query("SELECT COUNT(subnet_id) FROM subnet");
 $smarty->assign("subnet_counter", $sth->fetchColumn());
 //  nat
 $sth = $dbh->query("SELECT COUNT(nat_id) FROM nat");
 $smarty->assign("nat_counter", $sth->fetchColumn());
 //  vlan
-$sth = $dbh->query("SELECT COUNT(vlan_id) AS vlan_counter FROM vlan");
+$sth = $dbh->query("SELECT COUNT(vlan_id) FROM vlan");
 $smarty->assign("vlan_counter", $sth->fetchColumn());
 // zone
-$sth = $dbh->query("SELECT COUNT(zone_id) AS zone_counter FROM zone");
+$sth = $dbh->query("SELECT COUNT(zone_id) FROM zone");
 $smarty->assign("zone_counter", $sth->fetchColumn());
 // cable
 $sth = $dbh->query("SELECT COUNT(cable_id) FROM cable");
 $smarty->assign("cable_counter", $sth->fetchColumn());
 $smarty->display("index.tpl");
-include("footer.php");
+$smarty->display("footer.tpl");
 ?>
--- a/install/index.php
+++ b/install/index.php
@ -0,0 +1,121 @@
 <?php
 $failure = false;
 ?>
 <!DOCTYPE html>
 <html>
 <head>
 <title>Install</title>
 </head>
 <body>
 <h1>Installation check</h1>
 <?php
 // PDO
 $ext = get_loaded_extensions();
 $msg = '<p>PDO database interface: <span style="color:%s">%s</span>'."</p>\n";
 $failure = ! in_array('PDO', $ext);
 $res = $failure ? ['red', 'Error'] : ['green', 'OK'];
 echo vsprintf($msg, $res);
 // config file
 if (! $failure) {
    $conffile = '../config.php';
    $perms = fileperms($conffile);
    if ($perms & 0x07) {
        echo '<p>Config file world readable: <span style="color:red">Error</span>', "</p>\n";
    }
    if ($perms & 0x10) {
        echo '<p>Config file writeable by webserver: <span style="color:red">Error</span>', "</p>\n";
    }
    $msg = '<p>Read config file: <span style="color:%s">%s</span>'."</p>\n";
    $failure = (! include($conffile));
    $res = $failure ? ['red', 'Error'] : ['green', 'OK'];
    echo vsprintf($msg, $res);
 } else {
    echo "<p>Configfile correct?</p>";
 }
 // Database connection
 if (! $failure) {
    try {
        $dbh = new PDO("mysql:host=$config_mysql_host", $config_mysql_username, $config_mysql_password);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    } catch (PDOException $e) {
        $details = "<pre>" . $e->getMessage() . "</pre>\n";
        $failure = true;
    }
    $msg = '<p>Database connection: <span style="color:%s">%s</span>'."</p>\n";
    $res = $failure ? ['red', 'Error'] : ['green', 'OK'];
    echo vsprintf($msg, $res);
    if ($failure) {
        echo $details;
    }
 } else {
    echo "<p>Database connection available?</p>\n";
 }
 // Ipreg database exists
 if (! $failure) {
    $sql = "SELECT SCHEMA_NAME FROM
            INFORMATION_SCHEMA.SCHEMATA
            WHERE SCHEMA_NAME=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$config_mysql_dbname]);
    $failure = ! $sth->fetchColumn();
    $msg = '<p>Database exists: <span style="color:%s">%s</span>'."</p>\n";
    $res = $failure ? ['red', 'Error'] : ['green', 'OK'];
    echo vsprintf($msg, $res);
    $dbh->query("USE $config_mysql_dbname");
 } else {
    echo "<p>Database available?</p>\n";
 }
 ?>
 <h2>Rights</h2>
 <?php
 // Admin-user?
 if (! $failure) {
    $admincount = 0;
    // Admin count
    $sql = "SELECT user_id FROM user WHERE FIND_IN_SET('admin',user_role)>0";
    $sth = $dbh->query($sql);
    $adminlist = $sth->fetchAll(PDO::FETCH_ASSOC);
    $admincount = count($adminlist);
    if ($admincount == 0) {
        echo '<p>No admin user exists: <span style="color:red">Error</span>'."</p>\n";
    }
    // Default admin
    $sql = "SELECT user_pass FROM user WHERE user_name='admin' AND FIND_IN_SET('admin',user_role)>0";
    $sth = $dbh->query($sql);
    if ($rec = $sth->fetchColumn()) {
        // Check default password
        if ($rec == '$2y$10$HTs0lSaFrfr.q4Gmy5zWfeDg3jhYZkqEGZEnDkMiHZ641nso38mt6') {
           echo '<p>Password for default admin has not been changed: <span style="color:orange">Warning</span>'."</p>\n";
        } else {
           echo '<p>Default admin exists: <span style="color:green">OK</span>'."</p>\n";
        }
    } else {
        echo "<p>Default admin does not exist.</p>\n";
        if ($admincount > 0) {
            echo '<p>There are more admin accounts: <span style="color:green">OK</span>', "</p>\n";
        }
    }
 } else {
    echo "<p>Administrative user available?</p>\n";
 }
 // Smarty
 $compiledir = '../tpl_c';
 $failure = ! is_writeable($compiledir);
 $msg = '<p>Smarty compile directory writable: <span style="color:%s">%s</span>'."</p>\n";
 $res = $failure ? ['red', 'Error'] : ['green', 'OK'];
 echo vsprintf($msg, $res);
 ?>
 <h2>Summary</h2>
 <p>If everything here checks ok the installation directory <tt>install</tt>
 should be removed.</p>
 </body>
 </html>
--- a/install/mysql.sql
+++ b/install/mysql.sql
@ -15,6 +15,7 @@ CREATE TABLE assetclass (
  assetclass_id int(10) NOT NULL AUTO_INCREMENT,
  assetclassgroup_id int(10) NOT NULL,
  assetclass_name varchar(100) NOT NULL,
  assetclass_description varchar(100) DEFAULT NULL,
  PRIMARY KEY (assetclass_id),
  INDEX ix_assetclass_name (assetclass_name)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
@ -28,7 +29,6 @@ CREATE TABLE assetclassgroup (
  INDEX ix_assetclassgroup_name (assetclassgroup_name)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 -- WIP
 CREATE TABLE cable (
  cable_id int(10) NOT NULL AUTO_INCREMENT,
  cable_description varchar(100) NOT NULL,
@ -53,10 +53,12 @@ CREATE TABLE cablevlan (
 -- WIP
 -- Reference to external systems
 -- class 1=asset; per ext type different class-ids possible
 CREATE TABLE extlink (
  extlink_id int(10) NOT NULL AUTO_INCREMENT,
  asset_id int(10) NOT NULL,
  extlink_type enum('cdb','zabbix', 'topdesk') NOT NULL DEFAULT 'cdb',
  extlink_class tinyint(4) NOT NULL DEFAULT 1,
  extlink_refid int(10) DEFAULT NULL,
  extlink_uid varchar(65) DEFAULT NULL,
  PRIMARY KEY (extlink_id),
@ -97,6 +99,7 @@ CREATE TABLE node (
  zone_id int(10) DEFAULT NULL,
  node_info text DEFAULT NULL,
  node_type enum('v4','v6') NOT NULL DEFAULT 'v4',
  node_flags set('deleted','reserved') DEFAULT NULL,
  PRIMARY KEY (node_id),
  INDEX ix_ip (node_ip),
  INDEX ix_mac (node_mac)
--- a/install/mysql_sample.sql
+++ b/install/mysql_sample.sql
@ -1,8 +1,11 @@
 INSERT INTO asset (asset_name, assetclass_id) VALUES
-('Computer', 1),
+('Computer Alice', 1),
 ('Computer Bob', 1),
 ('Computer Admin', 1),
 ('Server', 3),
 ('Printer', 4),
-('Firewall', 6);
+('Firewall', 6),
 ('Air Condition System', 8);
 INSERT INTO assetclass (assetclassgroup_id, assetclass_name) VALUES
 (1, 'Desktop'),
@ -11,7 +14,8 @@ INSERT INTO assetclass (assetclassgroup_id, assetclass_name) VALUES
 (3, 'Printer'),
 (4, 'Switch'),
 (4, 'Firewall'),
-(5, 'Scanner');
+(5, 'Scanner'),
 (5, 'Other');
 INSERT INTO assetclassgroup (assetclassgroup_name, assetclassgroup_color) VALUES
 ('Personal Computer', '000000'),
@ -54,7 +58,9 @@ INSERT INTO user (user_name, user_pass, user_displayname) VALUES
 ('bob', '$2y$10$hl4NN4lOyuz7KN0ZjLHbOuCqGi08GVaTvl/RiMcL1mbFqGmtzDN76', 'Bob');
 INSERT INTO vlan (vlan_number, vlan_name) VALUES
-(1, 'DEFAULT_VLAN');
+(1, 'DEFAULT_VLAN'),
 (2, 'WLAN'),
 (3, 'DMZ');
 INSERT INTO zone (zone_soa, zone_origin, zone_hostmaster, zone_serial, zone_ns1) VALUES
 ('ns1.example.com.', 'example.com.', 'hostmaster.example.com.', '2023021301', 'ns1.example.com');
--- a/lang/de.php
+++ b/lang/de.php
@ -14,6 +14,8 @@ $lang = array(
    'lang_location' => 'Standort',
    'lang_locations' => 'Standorte',
    'lang_menu' => 'Menü',
    'lang_nat' => 'NAT',
    'lang_nats' => 'NATs',
    'lang_node' => 'Knoten',
    'lang_nodes' => 'Knoten',
    'lang_user' => 'Benutzer',
@ -32,6 +34,7 @@ $lang = array(
    'lang_all' => 'Alle',
    'lang_cancel' => 'Abbruch',
    'lang_color' => 'Farbe',
    'lang_del' => 'Löschen',
    'lang_error' => 'Fehler',
    'lang_item' => 'Gegenstand',
    'lang_language' => 'Sprache',
@ -39,18 +42,22 @@ $lang = array(
    'lang_logout' => 'Abmelden',
    'lang_options' => 'Optionen',
    'lang_option_none' => '(kein)',
    'lang_pass_set' => 'Neues Kennwort einstellen',
    'lang_reset' => 'Zur&uuml;cksetzen',
    'lang_search' => 'Suche',
    'lang_statistics' => 'Statistik',
    'lang_subitem' => 'Sub-Item',
    'lang_submit' => 'Absenden',
    'lang_save' => 'Speichern',
    'lang_unassigned' => 'Nicht zugeordnet',
    'lang_warning' => 'Warnung',
-    'lang_description' => 'Beschreibung',
+    'lang_description' => 'Bezeichnung',
    'lang_empty' => 'leer',
    'lang_source' => 'Quelle',
    'lang_target' => 'Ziel',
    'lang_length' => 'L&auml;nge',
    'lang_flag_deleted' => 'gelöscht',
    'lang_flag_reserved' => 'reserviert',
    'lang_asset_add' => 'Objekt hinzufügen',
    'lang_asset_del' => 'Objekt löschen',
@ -66,12 +73,15 @@ $lang = array(
    'lang_assetclass_del' => 'Objektklasse löschen',
    'lang_assetclass_edit' => 'Objektklasse ändern',
    'lang_assetclass_name' => 'Objektklassenname',
    'lang_assetclass_desc' => 'Beschreibung',
    'lang_assetclass_count' => '# Objekte',
    'lang_assetclass_none' => 'Es sind keine Objektklassen vorhanden',
    'lang_assetclassgroup_add' => 'Objektklassengruppe hinzufügen',
    'lang_assetclassgroup_del' => 'Objektklassengruppe löschen',
    'lang_assetclassgroup_edit' => 'Objektklassengruppe ändern',
    'lang_assetclassgroup_name' => 'Objektklassengruppenname',
    'lang_assetclassgroup_count' => '# Klassen',
    'lang_assetclassgroup_none' => 'Es sind keine Objektklassengruppen vorhanden',
    'lang_assignnodetoasset' => 'Knoten zu Objekt hinzufügen',
@ -95,6 +105,7 @@ $lang = array(
    'lang_location_edit' => 'Standort ändern',
    'lang_location_info' => 'Standortinfo',
    'lang_location_name' => 'Standortname',
    'lang_location_hierarchy' => 'Standorthierarchie',
    'lang_location_parent' => 'Übergeordneter Standort',
    'lang_sublocation_add' => 'Unterstandort hinzufügen',
    'lang_location_none' => 'Es sind keine Standorte vorhanden',
@ -102,6 +113,9 @@ $lang = array(
    'lang_locationsubnet' => 'Standort/Subnetz',
    'lang_locationsubnet_edit' => 'Standort/Subnetz bearbeiten',
    'lang_cable_add' => 'Kabel hinzufügen',
    'lang_cable_del' => 'Kabel löschen',
    'lang_cable_edit' => 'Kabel ändern',
    'lang_cable_info' => 'Kabelinfo',
    'lang_cable_type' => 'Kabeltyp',
    'lang_cable_none' => 'Es sind keine Kabel vorhanden',
@ -117,7 +131,6 @@ $lang = array(
    'lang_mac' => 'MAC-Adresse',
    'lang_proto_vers' => 'Protokollversion',
    'lang_nat' => 'NAT',
    'lang_nat_add' => 'NAT hinzufügen',
    'lang_nat_del' => 'NAT löschen',
    'lang_nat_edit' => 'NAT ändern',
@ -126,6 +139,7 @@ $lang = array(
    'lang_nat_type_1' => 'Verbergen',
    'lang_nat_type_2' => 'Statisch',
    'lang_nat_type_3' => 'Dynamisch',
    'lang_nat_none' => 'Es sind keine NAT-Regeln vorhanden',
    'lang_search_results_found' => 'Anzahl der gefundenen Ergebnisse: ',
@ -167,7 +181,7 @@ $lang = array(
    'lang_zone_add' => 'Zone hinzufügen',
    'lang_zone_del' => 'Zone löschen',
-    'lang_zone_edit' => 'Zone bearbeiten',
+    'lang_zone_edit' => 'Zone ändern',
    'lang_zone_none' => 'Es sind keine Zonen vorhanden',
    'lang_vlan_add' => 'VLAN hinzufügen',
--- a/lang/en.php
+++ b/lang/en.php
@ -14,6 +14,8 @@ $lang = array(
    'lang_location' => 'Location',
    'lang_locations' => 'Locations',
    'lang_menu' => 'Menu',
    'lang_nat' => 'NAT',
    'lang_nats' => 'NATs',
    'lang_node' => 'Node',
    'lang_nodes' => 'Nodes',
    'lang_user' => 'User',
@ -32,6 +34,7 @@ $lang = array(
    'lang_all' => 'All',
    'lang_cancel' => 'Cancel',
    'lang_color' => 'Color',
    'lang_del' => 'Delete',
    'lang_error' => 'Error',
    'lang_item' => 'Item',
    'lang_language' => 'Language',
@ -39,11 +42,13 @@ $lang = array(
    'lang_logout' => 'Logout',
    'lang_options' => 'Options',
    'lang_option_none' => '(none)',
    'lang_pass_set' => 'Set new password',
    'lang_reset' => 'Reset',
    'lang_search' => 'Search',
    'lang_statistics' => 'Statistics',
    'lang_subitem' => 'Sub-Item',
    'lang_submit' => 'Submit',
    'lang_save' => 'Save',
    'lang_unassigned' => 'Unassigned',
    'lang_warning' => 'Warning',
    'lang_description' => 'Description',
@ -51,6 +56,8 @@ $lang = array(
    'lang_source' => 'Source',
    'lang_target' => 'Target',
    'lang_length' => 'Length',
    'lang_flag_deleted' => 'deleted',
    'lang_flag_reserved' => 'reserved',
    'lang_asset_add' => 'Add asset',
    'lang_asset_del' => 'Delete asset',
@ -66,12 +73,15 @@ $lang = array(
    'lang_assetclass_del' => 'Delete assetclass',
    'lang_assetclass_edit' => 'Mofidy assetclass',
    'lang_assetclass_name' => 'Assetclass name',
    'lang_assetclass_count' => '# Assets',
    'lang_assetclass_none' => 'There are no assetclasses defined',
    'lang_assetclassgroup_add' => 'Add assetclassgroup',
    'lang_assetclassgroup_del' => 'Delete assetclassgroup',
    'lang_assetclassgroup_edit' => 'Modify assetclassgroup',
    'lang_assetclassgroup_name' => 'Assetclassgroup Name',
    'lang_assetclass_desc' => 'Description',
    'lang_assetclassgroup_count' => '# Classes',
    'lang_assetclassgroup_none' => 'There are no assetclassegroups defined',
    'lang_assignnodetoasset' => 'Assign node to asset',
@ -92,9 +102,10 @@ $lang = array(
    'lang_location_add' => 'Add location',
    'lang_location_del' => 'Delete location',
-    'lang_location_edit' => 'Mofidy location',
+    'lang_location_edit' => 'Modify location',
    'lang_location_info' => 'Location info',
    'lang_location_name' => 'Location name',
    'lang_location_hierarchy' => 'Location hierarchy',
    'lang_location_parent' => 'Parent',
    'lang_sublocation_add' => 'Add Sub-location',
    'lang_location_none' => 'There are no locations defined',
@ -102,6 +113,9 @@ $lang = array(
    'lang_locationsubnet' => 'Location/Subnet',
    'lang_locationsubnet_edit' => 'Edit Location/Subnet',
    'lang_cable_add' => 'Add cable',
    'lang_cable_del' => 'Delete cable',
    'lang_cable_edit' => 'Modify cable',
    'lang_cable_info' => 'Cable info',
    'lang_cable_type' => 'Cable type',
    'lang_cable_none' => 'There are no cables defined',
@ -117,7 +131,6 @@ $lang = array(
    'lang_mac' => 'MAC Address',
    'lang_proto_vers' => 'Protocol version',
    'lang_nat' => 'NAT',
    'lang_nat_add' => 'Add NAT',
    'lang_nat_del' => 'Delete NAT',
    'lang_nat_edit' => 'Modify NAT',
@ -126,6 +139,7 @@ $lang = array(
    'lang_nat_type_1' => 'Hide',
    'lang_nat_type_2' => 'Static',
    'lang_nat_type_3' => 'Dynamic',
    'lang_nat_none' => 'There are no nat rules defined',
    'lang_search_results_found' => 'Total results found',
@ -167,7 +181,7 @@ $lang = array(
    'lang_zone_add' => 'Add zone',
    'lang_zone_del' => 'Delete zone',
-    'lang_zone_edit' => 'Mofidy zone',
+    'lang_zone_edit' => 'Modify zone',
    'lang_zone_none' => 'There are no zones defined',
    'lang_vlan_add' => 'Add VLAN',
--- a/lib.php
+++ b/lib.php
@ -10,6 +10,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
 // ========== CONSTANT DEFINITIONS ============================================
 // page actions
 define ('ACT_ERR_DENIED',  -1);
 define ('ACT_DEFAULT',      0);
 define ('ACT_ADD',          1);
 define ('ACT_VIEW',         2);
@ -24,11 +25,12 @@ define ('ACT_LINK',        10);
 define ('ACT_UNLINK',      11);
 define ('ACT_MAIL',        12);
 define ('ACT_VIEW_LIST',   13);
 define ('ACT_PASSWORD',    14);
 // ========== GLOBAL PAGE START CODE ==========================================
 // global version string
-$config_version = 'v0.9';
+$config_version = 'v0.9.1';
 // available languages
 $config_lang = array('de', 'en');
@ -41,13 +43,15 @@ $smarty->template_dir = 'tpl';
 $smarty->compile_dir = 'tpl_c';
 $smarty->registerPlugin('function', 'treelist', 'print_tree');
 $smarty->registerPlugin('function', 'msgout', 'msgout');
-$smarty->assign("suser_name", $_SESSION['suser_displayname']);
+if (!empty($_SESSION['suser_id'])) {
-$smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off');
+    $smarty->assign("suser_name", $_SESSION['suser_displayname']);
-$smarty->assign("suser_add", $_SESSION['suser_role_add']);
+    $smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off');
-$smarty->assign("suser_edit", $_SESSION['suser_role_edit']);
+    $smarty->assign("suser_add", $_SESSION['suser_role_add']);
-$smarty->assign("suser_delete", $_SESSION['suser_role_delete']);
+    $smarty->assign("suser_edit", $_SESSION['suser_role_edit']);
-$smarty->assign("suser_manage", $_SESSION['suser_role_manage']);
+    $smarty->assign("suser_delete", $_SESSION['suser_role_delete']);
-$smarty->assign("suser_admin", $_SESSION['suser_role_admin']);
+    $smarty->assign("suser_manage", $_SESSION['suser_role_manage']);
    $smarty->assign("suser_admin", $_SESSION['suser_role_admin']);
 }
 // prepare global message system
 $g_message = new Message;
@ -56,6 +60,42 @@ $g_error = new MessageError;
 $action = ACT_DEFAULT;
 // ========== LANGUAGE FUNCTIONS ==============================================
 function lang_getfrombrowser($allowed, $default) {
    // get browser most preferred language if possible
    if (empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        return $default;
    }
    $accepted = preg_split('/,\s*/', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
    $current_lang = $default;
    $current_q = 0;
    foreach ($accepted as $lang) {
        $res = preg_match ('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i',
                   $lang, $matches);
        if (!$res) {
            continue;
        }
        $lang_code = explode ('-', $matches[1]);
        if (isset($matches[2])) {
            $lang_quality = (float)$matches[2];
        } else {
            $lang_quality = 1.0;
        }
        while (count($lang_code)) {
            if (in_array(strtolower(join ('-', $lang_code)), $allowed)) {
                if ($lang_quality > $current_q) {
                    $current_lang = strtolower (join ('-', $lang_code));
                    $current_q = $lang_quality;
                    break;
                }
            }
            array_pop($lang_code);
        }
    }
    return $current_lang;
 }
 // ========== FEEDBACK FUNCTIONS ==============================================
 class Message {
@ -132,6 +172,13 @@ class MessageError extends Message {
    }
 }
 function msgout(array $parameters, Smarty_Internal_Template $smarty) {
    // This is just a quick hack around missing {php} in Smarty3
    $GLOBALS['g_error']->PrintOut();
    $GLOBALS['g_warning']->PrintOut();
    $GLOBALS['g_message']->PrintOut();
 }
 // ========== FORM FUNCTIONS ==================================================
 function form_get_action() {
@ -155,7 +202,7 @@ function submit_error($action) {
       function by default. An exit() is conscious here *not* installed,
       since it could be that despite such an error the program
       execution should be continued. */
-    return sprintf('The action "%s" is unknown. It is probably a program error.<br /> Please inform your administrator of the exact circumstances of how this situation came about.', strtoupper($action));
+    return sprintf('The action "%s" is unknown. It is probably a program error.<br> Please inform your administrator of the exact circumstances of how this situation came about.', strtoupper($action));
 }
 // ========== DATABASE FUCTIONS ===============================================
@ -168,6 +215,8 @@ function db_load_enum($table, $column) {
            WHERE table_name=? AND column_name=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$table, $column]);
    // Für PHP < 7.4
    // return array_map(function($x) { return trim($x, "'"); }, explode(',', $sth->fetchColumn()));
    return array_map(fn($x) => trim($x, "'"), explode(',', $sth->fetchColumn()));
 }
@ -256,4 +305,50 @@ function db_get_options_zone($default = NULL) {
    return $options;
 }
-?>
+// ========== MISC FUCTIONS ===================================================
 function strip_mac($mac, $caps=true) {
    // strip mac address to 12 char string
    // strip chars we don't need
    $mac = preg_replace('/[^a-fA-F0-9]/', '', $mac);
    if ($caps) {
        $mac = strtoupper($mac);
    } else {
        $mac = strtolower($mac);
    }
    return $mac;
 }
 function write_mac($mac, $user_mac='xx:xx:xx:xx:xx:xx') {
    // rebuild mac address using user supplied format
    if (strlen($mac) != 12) {
        // if the MAC is empty, or for whatever reason incorrect, just return
        return $mac;
    }
    // check format of user mac: count upper or lower char
    $chars = count_chars($user_mac, 1);
    if (array_key_exists(88, $chars) and $chars[88] == 12) {
        $pattern = '/X/';
        $mac = strtoupper($mac);
    } elseif (array_key_exists(120, $chars) and $chars[120] == 12) {
        $pattern = '/x/';
        $mac = strtolower($mac);
    } else {
        // invalid format
        return $mac;
    }
    for($i=0; $i<12; $i++) {
        $user_mac = preg_replace($pattern, $mac[$i], $user_mac, 1);
    }
    return $user_mac;
 }
 function header_location($location) {
    // redirect page
    header('location:' . $location);
    exit;
 }
--- a/lib/functions.php
+++ b/lib/functions.php
@ -7,54 +7,6 @@ Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 // strip mac address to 12 char string
 function strip_mac($mac) {
    // strip chars we don't need
    $mac = preg_replace("|[^a-fA-F0-9]|", "", $mac);
    // capitalize (just because it looks better eh)
    $mac = strtoupper($mac);
    // and return
    return ($mac);
 }
 // rebuild mac address
 function write_mac($mac) {
    // check string length
    if (strlen($mac)!=12) {
        // if the MAC is empty, or for whatever reason incorrect, just return
        return $mac;
    } else {
        // count to 12...
        for ($i=0; $i<12; $i++) {
            // ... and strip mac to pieces
            ${"mac".$i} = $mac{$i};
        }
        // get user preference
        $user_mac = $_SESSION['suser_mac'];
        // count to 12 again...
        for($i=0; $i<12; $i++) {
            // ... and replace user preference with pieces
            $user_mac = preg_replace("/x/", ${"mac".$i}, $user_mac, 1);
        }
        // and return
        return $user_mac;
    }
 }
 // redirect page
 function header_location($location) {
    // send header
    header("location: " . $location);
    // exit to be sure
    exit;
 }
 // sanitize input
 function sanitize($input) {
    global $dblink;
@ -78,57 +30,13 @@ function sanitize($input) {
    return $input;
 }
 function mysql_nullstring($input) {
    if (isset($input)) {
        return $input;
    } else {
        return '';
    }
 }
 function lang_getfrombrowser ($allowed_languages, $default_language, $lang_variable = null, $strict_mode = true) {
    if ($lang_variable === null) {
        $lang_variable = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
    }
    if (empty($lang_variable)) {
        return $default_language;
    }
    $accepted_languages = preg_split('/,\s*/', $lang_variable);
    $current_lang = $default_language;
    $current_q = 0;
    foreach ($accepted_languages as $accepted_language) {
        $res = preg_match ('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i',
                   $accepted_language, $matches);
        if (!$res) {
            continue;
        }
        $lang_code = explode ('-', $matches[1]);
        if (isset($matches[2])) {
            $lang_quality = (float)$matches[2];
        } else {
            $lang_quality = 1.0;
        }
        while (count ($lang_code)) {
            if (in_array (strtolower (join ('-', $lang_code)), $allowed_languages)) {
                if ($lang_quality > $current_q) {
                    $current_lang = strtolower (join ('-', $lang_code));
                    $current_q = $lang_quality;
                    break;
                }
            }
            if ($strict_mode) {
                break;
            }
            array_pop ($lang_code);
        }
    }
    return $current_lang;
 }
 function print_tree_rec($tree, $level) {
    $output = '<ul class="treelvl' . $level. '">' . "\n";
    foreach ($tree as $node) {
        $output .= '<li><a href="' . $node['href'] . '">' . $node['value'] . '</a>';
        if ($node['info']) {
            $output .= ' - ' . $node['info'];
        }
        if ($node['children']) {
            $output .= "\n" . print_tree_rec($node['children'], $level+1);
        }
@ -138,7 +46,6 @@ function print_tree_rec($tree, $level) {
    return $output;
 }
 //function print_tree($params, &$smarty) {
 function print_tree($params, Smarty_Internal_Template $template) {
    if (empty($params['level'])) {
        $level = 0;
@ -152,12 +59,3 @@ function print_tree($params, Smarty_Internal_Template $template) {
    }
 }
 function msgout(array $parameters, Smarty_Internal_Template $smarty)
 {
    // This is just a quick hack around missing {php} in Smarty3
    $GLOBALS['g_error']->PrintOut();
    $GLOBALS['g_warning']->PrintOut();
    $GLOBALS['g_message']->PrintOut();
 }
 ?>
--- a/location.php
+++ b/location.php
@ -9,13 +9,146 @@ SPDX-License-Identifier: GPL-3.0-or-later
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // look for parents
 // function to look for parents and create a new array for every child
 function location($parents, $parent = 0) {
 	// loop array to check
 	foreach($parents[$parent] as $child) {
 		if(isset($parents[$child])) {
 			// element has children
 			$children[$child] = location($parents, $child);
 		} else {
 			// no children, set NULL
 			$children[$child] = NULL;
 		}
 	}
 	// and again...
 	return $children;
 }
 // recursive children check to template
 function checkchildren($locations, $level) {
 	global $location_options;
 	global $location_names;
 	global $location_parent;
 	foreach ($locations as $parent=>$child) {
 		$row = str_repeat("-&nbsp;&nbsp;", $level) . $location_names[$parent];
 		$location_options[$parent] = $row;
 		if (isset($child)) {
 			checkchildren($child, $level+1);
 		}
 	}
 }
 // ========== ADDITIONAL ACTION DEFINITIONS ===================================
 define ('ACT_SUBNET_EDIT', 100);
 define ('ACT_SUBNET_ADD', 101);
 define ('ACT_SUBNET_DEL', 102);
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'link':  $action = ACT_SUBNET_EDIT; break;
    case 'exec-link':
        if ($_POST['action'] == 'locationsubnetadd') {
            $action = ACT_SUBNET_ADD;
        } elseif ($_POST['action'] == 'locationsubnetdel') {
            $action = ACT_SUBNET_DEL;
        } else {
            $g_warning->Add('invalid action!'. $_POST['action']);
        }
        break;
    case 'insert':
        $name = sanitize($_POST['location_name']);
        $parent = sanitize($_POST['location_parent']);
        $info = sanitize($_POST['location_info']);
        $sql = "INSERT INTO location (
                    location_name, location_parent, location_info
                )
                VALUE (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$name, $parent, $info]);
        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break;
    case 'update':
        $location_name = sanitize($_POST['location_name']);
        $location_info = sanitize($_POST['location_info']);
        $parentlocation_id = sanitize($_POST['parentlocation_id']);
        $sql = "UPDATE location SET
                    location_name=?, location_parent=?, location_info=?
                WHERE location_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$location_name, $parentlocation_id, $location_info, $id]);
        $action = ACT_VIEW;
        break;
    case 'subnetlink':
        $subnet_id = sanitize($_POST['subnet_id']);
        $sql = "INSERT INTO subnetlocation (location_id, subnet_id) VALUE (?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$id, $subnet_id]);
        $action = ACT_VIEW;
        break;
    case 'subnetunlink':
        $subnet_id = sanitize($_POST['subnet_id']);
        $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
        $sth->execute([$id, $subnet_id]);
        $g_message->Add('Link removed');
        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=?");
        $sth->execute([$id]);
        $n = $sth->rowCount();
        if ($n > 0) {
            $g_message->Add("$n Subnetzzuordnungen wurden entfernt.");
        }
        $sth = $dbh->prepare("DELETE FROM location WHERE location_id=?");
        $g_message->Add("Standort wurde gelöscht.");
        $sth->execute([$id]);
        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
-$sql = "SELECT location_id AS id, location_name AS value, location_parent AS parent_id
+if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 $sql = "SELECT location_id AS id, location_name AS value, location_parent AS parent_id,
            CONCAT(LEFT(location_info,40), IF(CHAR_LENGTH(location_info)>40,'...','')) AS info
        FROM location
        ORDER BY location_parent, location_sort, location_name";
 $sth = $dbh->query($sql);
 $locations = $sth->fetchAll();
 $smarty->assign('location_count', count($locations));
 // function for recursion
 function build_tree($parent_id, $level) {
@ -26,7 +159,7 @@ function build_tree($parent_id, $level) {
            unset($location['parent_id']);
            $location['children'] = build_tree($location['id'], $level+1);
            $location['level'] = $level;
-            $location['href'] = 'locationview.php?location_id=' . $location['id'];
+            $location['href'] = 'location.php?f=view&id=' . $location['id'];
            $children[] = $location;
        }
    }
@ -38,5 +171,204 @@ $smarty->assign("locations", $tree);
 $smarty->display("location.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 $sql = "SELECT location_id AS id, location_name AS name,
            location_parent AS parent, location_sort AS sort
        FROM location
        ORDER BY location_parent, location_sort, location_name";
 $sth = $dbh->query($sql);
 $locations = $sth->fetchAll();
 if (count($locations) > 0) {
    foreach ($locations AS $location) {
        $location_names[$location['id']] = $location['name'];
        $parents[$location['parent']][] = $location['id'];
    }
 }
 $tree = location($parents);
 // create tree option list
 $location_options = array(0 => '-');
 checkchildren($tree, 0);
 $smarty->assign("location_options", $location_options);
 $location_parent = sanitize($_GET['parent']);
 $smarty->assign("location_parent", $location_parent);
 $smarty->display("locationadd.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 // base location
 $sql = "SELECT location_id AS id, location_name AS name,
            location_parent AS parent_id, location_info AS info,
            CONCAT('location.php?f=view&id=', location_id) AS url
 	    FROM location
 	    WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $location = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("location", $location);
 // crumbs
 $crumbs[] = $location;
 $sql = "SELECT location_id AS id, location_name AS name,
            location_parent AS parent_id,
            CONCAT('location.php?f=view&id=', location_id) AS url
 	    FROM location
 	    WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 while ($crumbs[0]->parent_id != 0) {
 	$sth->execute([$crumbs[0]->parent_id]);
 	$result = $sth->fetch(PDO::FETCH_OBJ);
 	array_unshift($crumbs, $result);
 }
 $smarty->assign("crumbs", $crumbs);
 // sublocations		
 $sql = "SELECT location_id AS sublocation_id, location_name AS sublocation_name,
            LEFT(location_info, 40) AS info_short,
            CHAR_LENGTH(location_info) AS info_length
        FROM location
        WHERE location_parent=?
        ORDER BY location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("sublocations", $sth->fetchAll());
 // subnets
 $sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask
        FROM subnet AS s LEFT JOIN subnetlocation AS l USING (subnet_id)
 	    WHERE l.location_id=?
 	    ORDER BY INET_ATON(s.subnet_address)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnets", $sth->fetchAll());
 $smarty->display("locationview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 // TODO implement sorting with location_sort
 // location			
 $sql = "SELECT location_id AS id, location_name AS name, location_parent AS parent,
            location_info AS info, location_sort AS sort
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $location = $sth->fetch(PDO::FETCH_OBJ);
 $location_parent = $location->parent;
 $smarty->assign("location", $location);
 // parent location
 $sql = "SELECT location_id, location_name, location_parent
        FROM location
        WHERE location_id != ?
        ORDER BY location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $locations = $sth->fetchAll();
 $location_counter = count($locations);
 $smarty->assign("location_counter", $location_counter);
 // any locations?
 if ($location_counter>0) {
 	foreach($locations AS $location) {
 		$location_names[$location['location_id']] = $location['location_name'];
 		$parents[$location['location_parent']][] = $location['location_id'];
 	}
 }
 $tree = location($parents);
 $location_options = array(0 => '-');
 checkchildren($tree, 0);
 $smarty->assign("location_options", $location_options);
 $smarty->assign("location_parent", $location_parent);
 $smarty->display("locationedit.tpl");
 elseif ($action == ACT_SUBNET_EDIT):
 // ========== VARIANT: location to subnet =====================================
 $sql = "SELECT location_id AS id, location_name AS name
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("locationsubnetedit.tpl");
 elseif ($action == ACT_SUBNET_ADD):
 // ========== VARIANT: add location to subnet =================================
 $sql = "SELECT location_id AS id, location_name AS name
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 // TODO Filter für bereits zugeordnete Subnetze
 $smarty->assign("subnet_options", db_get_options_subnet());
 $smarty->display("locationsubnetadd.tpl");
 elseif ($action == ACT_SUBNET_DEL):
 // ========== VARIANT: del location to subnet =================================
 // location
 $sql = "SELECT location_id AS id, location_name AS name
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 // subnet
 $sql = "SELECT s.subnet_id, CONCAT_WS('/', s.subnet_address, s.subnet_mask)
        FROM subnetlocation AS l LEFT JOIN subnet AS s USING (subnet_id)
        WHERE l.location_id=?
        ORDER BY INET_ATON(s.subnet_address)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $options = array();
 foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
    $options[$rec[0]] = $rec[1];
 }
 $smarty->assign("subnet_options", $options);
 $smarty->display("locationsubnetdel.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $sql = "SELECT location_id AS id, location_name AS name FROM location WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("locationdel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/locationadd.php
+++ b/locationadd.php
@ -1,75 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_parent = sanitize($_GET['location_parent']);
 include("header.php");
 // *************   <option value="0">{$lang_option_none}</option>
 $sql = "SELECT location_id AS id, location_name AS name,
            location_parent AS parent, location_sort AS sort
        FROM location
        ORDER BY location_parent, location_sort, location_name";
 $sth = $dbh->query($sql);
 $locations = $sth->fetchAll();
 if (count($locations) > 0) {
    foreach ($locations AS $location) {
        $location_names[$location['id']] = $location['name'];
        $parents[$location['parent']][] = $location['id'];
    }
 }
 // look for parents
 // function to look for parents and create a new array for every child
 function location($parents, $parent = 0) {
    foreach ($parents[$parent] as $child) {
        if (isset($parents[$child])) {
            // element has children
            $children[$child] = location($parents, $child);
        } else {
            // no children, set NULL
            $children[$child] = NULL;
        }
    }
    return $children;
 }
 // recursive children check to template
 function checkchildren($locations, $level) {
 	global $location_options;
 	global $location_names;
 	global $location_parent;
 	foreach ($locations as $parent=>$child) {
 		$row = str_repeat("-&nbsp;&nbsp;", $level) . $location_names[$parent];
 		$location_options[$parent] = $row;
 		if (isset($child)) {
 			checkchildren($child, $level+1);
 		}
 	}
 }
 $tree = location($parents);
 // create tree option list
 $location_options = array(0 => '-');
 checkchildren($tree, 0);
 $smarty->assign("location_options", $location_options);
 $smarty->assign("location_parent", $location_parent);
 $smarty->display("locationadd.tpl");
 include("footer.php");
 ?>
--- a/locationdel.php
+++ b/locationdel.php
@ -1,24 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 $sql = "SELECT location_id AS id, location_name AS name FROM location WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$location_id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("locationdel.tpl");
 include("footer.php");
 ?>
--- a/locationedit.php
+++ b/locationedit.php
@ -1,98 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 // location			
 $sql = "SELECT location_id AS id, location_name AS name, location_parent AS parent,
            location_info AS info, location_sort AS sort
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$location_id]);
 $location = $sth->fetch(PDO::FETCH_OBJ);
 $location_parent = $location->parent;
 $smarty->assign("location", $location);
 /*$smarty->assign("location_id", $location_id);
 $smarty->assign("location_name", $location[0]['location_name']);
 $smarty->assign("location_info", $location[0]['location_info']);
 $smarty->assign("location_sort", $location[0]['location_sort']); */
 // parent location
 $sql = "SELECT location_id, location_name, location_parent
        FROM location
        WHERE location_id != ?
        ORDER BY location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$location_id]);
 $locations = $sth->fetchAll();
 $location_counter = count($locations);
 $smarty->assign("location_counter", $location_counter);
 // any loactions?
 if ($location_counter>0) {
 	foreach($locations AS $location) {
 		$location_names[$location['location_id']] = $location['location_name'];
 		$parents[$location['location_parent']][] = $location['location_id'];
 	}
 }
 // look for parents
 // function to look for parents and create a new array for every child
 function location($parents, $parent = 0) {
 	// loop array to check
 	foreach($parents[$parent] as $child) {
 		if(isset($parents[$child])) {
 			// element has children
 			$children[$child] = location($parents, $child);
 		} else {
 			// no children, set NULL
 			$children[$child] = NULL;
 		}
 	}
 	// and again...
 	return $children;
 }
 // recursive children check to template
 function checkchildren($locations, $level) {
 	global $location_options;
 	global $location_names;
 	global $location_parent;
 	foreach ($locations as $parent=>$child) {
 		$row = str_repeat("-&nbsp;&nbsp;", $level) . $location_names[$parent];
 		$location_options[$parent] = $row;
 		if(isset($child)) {
 			checkchildren($child, $level+1);
 		}
 	}
 }
 $tree = location($parents);
 $location_options = array(0 => '-');
 checkchildren($tree, 0);
 $smarty->assign("location_options", $location_options);
 $smarty->assign("location_parent", $location_parent);
 $smarty->display("locationedit.tpl");
 include("footer.php");
 ?>
--- a/locationsubnetadd.php
+++ b/locationsubnetadd.php
@ -1,28 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 $sql = "SELECT location_id AS id, location_name AS name
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$location_id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("subnet_options", db_get_options_subnet());
 $smarty->display("locationsubnetadd.tpl");
 include("footer.php");
 ?>
--- a/locationsubnetdel.php
+++ b/locationsubnetdel.php
@ -1,44 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 // location		
 $sql = "SELECT location_id AS id, location_name AS name
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$location_id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 // subnet
 $sql = "SELECT
 		s.subnet_id,
 		s.subnet_address,
 		s.subnet_mask
 	FROM
 		subnetlocation AS l LEFT JOIN subnet AS s USING (subnet_id)
 	WHERE
 		l.location_id=?
 	ORDER BY
 		INET_ATON(s.subnet_address)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$location_id]);
 $smarty->assign($sth->fetchAll());
 $smarty->display("locationsubnetdel.tpl");
 include("footer.php");
 ?>
--- a/locationsubnetedit.php
+++ b/locationsubnetedit.php
@ -1,26 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 include("header.php");
 $sql = "SELECT location_id AS id, location_name AS name
        FROM location
        WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$location_id]);
 $smarty->assign("location", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("locationsubnetedit.tpl");
 include("footer.php");
 ?>
--- a/locationview.php
+++ b/locationview.php
@ -1,67 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $location_id = sanitize($_GET['location_id']);
 if ((isset($_GET['id'])) ? $id = sanitize($_GET['id']) : $id = '');
 include("header.php");
 // base location
 $sql = "SELECT location_id AS id, location_name AS name,
            location_parent AS parent_id, location_info AS info,
            CONCAT('locationview.php?location_id=', location_id) AS url
 	    FROM location
 	    WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$location_id]);
 $location = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("location", $location);
 // crumbs
 $crumbs[] = $location;
 $sql = "SELECT location_id AS id, location_name AS name,
            location_parent AS parent_id,
            CONCAT('locationview.php?location_id=', location_id) AS url
 	    FROM location
 	    WHERE location_id=?";
 $sth = $dbh->prepare($sql);
 while ($crumbs[0]->parent_id != 0) {
 	$sth->execute([$crumbs[0]->parent_id]);
 	$result = $sth->fetch(PDO::FETCH_OBJ);
 	array_unshift($crumbs, $result);
 }
 $smarty->assign("crumbs", $crumbs);
 // sublocations		
 $sql = "SELECT location_id AS sublocation_id, location_name AS sublocation_name,
            LEFT(location_info, 40) AS info_short,
            CHAR_LENGTH(location_info) AS info_length
        FROM location
        WHERE location_parent=?
        ORDER BY location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$location_id]);
 $smarty->assign("sublocations", $sth->fetchAll());
 // subnets
 $sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask
        FROM subnet AS s LEFT JOIN subnetlocation AS l USING (subnet_id)
 	    WHERE l.location_id=?
 	    ORDER BY INET_ATON(s.subnet_address)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$location_id]);
 $smarty->assign("subnets", $sth->fetchAll());
 $smarty->display("locationview.tpl");
 include("footer.php");
 ?>
--- a/login.php
+++ b/login.php
@ -7,20 +7,56 @@ Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 session_name('ipreg');
 session_start();
 if (! include("config.php")) {
-    echo "<!DOCTYPE html><html><head><title>IP Reg</title></head><body><h1>IP Reg</h1><h2>No configuration</h2><p>Error loading configuration. Please check your installation.</p></body></html>\n";
+    echo "<!DOCTYPE html><html><head><title>IP Reg</title></head><body>\n";
    echo "<h1>IP Reg</h1><h2>No configuration</h2>\n";
    echo '<p>Error loading configuration.';
    echo 'Please <a href="install">check your installation</a>.', "</p>\n";
    echo "</body></html>\n";
    exit(1);
 }
 session_name($config_app_session);
 session_start();
 // connect to database
 $dbh = new PDO("mysql:host=$config_mysql_host;dbname=$config_mysql_dbname;charset=utf8", $config_mysql_username, $config_mysql_password);
 $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
-include("lib.php"); // only for get_language from browser. TODO: simplify
+include("lib.php"); // for smarty e.g.
 // ========== LOGIN FUNCTIONS =================================================
 function check_ldap_bind($user_name, $user_pass) {
    global $config_ldap_host;
    global $config_ldap_port;
    global $config_ldap_base_dn;
    global $config_ldap_bind_dn;
    global $config_ldap_bind_pass;
    global $config_ldap_login_attr;
    $ldap_conn = NULL;
    foreach ($config_ldap_host as $server) {
        if ($ldap_conn = ldap_connect($server, $config_ldap_port)) {
            if ($res = ldap_bind($ldap_conn, $config_ldap_bind_dn, $config_ldap_bind_pass)) {
                ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
                ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
                $filter = "(&(objectClass=user)($config_ldap_login_attr=$user_name))";
                $res = ldap_search($ldap_conn, $config_ldap_base_dn, $filter, ['dn']);
                if ($res) {
                    $info = ldap_get_entries($ldap_conn, $res);
                    $user_dn = utf8_encode($info[0]['dn']);
                    $res = @ldap_bind($ldap_conn, $user_dn, $user_pass);
                    if ($res) {
                        return TRUE;
                    }
                }
            }
            return FALSE;
        }
    }
    return FALSE;
 }
 function user_login ($user_name, $user_pass) {
    global $dbh;
@ -36,7 +72,7 @@ function user_login ($user_name, $user_pass) {
    $sql = "SELECT user_id, user_pass, user_displayname, user_language,
                user_imagesize, user_imagecount, user_mac, user_dateformat,
                user_dns1suffix, user_dns2suffix, user_tooltips,
-                user_menu, user_role, user_flags
+                user_menu, user_role, user_flags, user_realm
            FROM user
            WHERE user_name=?";
    $sth = $dbh->prepare($sql);
@ -47,22 +83,31 @@ function user_login ($user_name, $user_pass) {
        return FALSE;
    }
-    if (strcmp(md5($user_pass), rtrim($user->user_pass)) != 0) {
+    if ($user->user_realm == 'ldap') {
-        // password does not match with md5, check if new hash matches
+        // check LDAP auth
-        // For future expansion: $pwd_peppered = hash_hmac('sha256', $user_pass, $config_pepper);
+        if (! check_ldap_bind($user_name, $user_pass)) {
        if (! password_verify($user_pass, $user->user_pass)) {
            return FALSE;
        }
        // TODO sync LDAP data to local
    } else {
-        // md5 match but outdated. rewrite with new algo
+        // compare local passwords
-        $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
+        if (strcmp(md5($user_pass), rtrim($user->user_pass)) != 0) {
-        $newhash = password_hash($user_pass, PASSWORD_BCRYPT);
+            // password does not match with md5, check if new hash matches
-        $sth->execute([$newhash, $user->user_id]);
+            // For future expansion: $pwd_peppered = hash_hmac('sha256', $user_pass, $config_pepper);
            if (! password_verify($user_pass, $user->user_pass)) {
                return FALSE;
            }
        } else {
            // md5 match but outdated. rewrite with new algo
            $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
            $newhash = password_hash($user_pass, PASSWORD_BCRYPT);
            $sth->execute([$newhash, $user->user_id]);
        }
    }
    // all ok: user is logged in, register session data
    $_SESSION['suser_id'] = $user->user_id;
    $_SESSION['suser_realm'] = $user->user_realm;
    $_SESSION['suser_displayname'] = $user->user_displayname;
    $_SESSION['suser_language'] = $user->user_language;
    $_SESSION['suser_imagesize'] = $user->user_imagesize;
@ -74,11 +119,15 @@ function user_login ($user_name, $user_pass) {
    $_SESSION['suser_tooltips'] = $user->user_tooltips;
    $roles = explode(',', $user->user_role);
    if (in_array('admin', $roles)) {
        // admin means everything!
        $roles = ['add', 'edit', 'delete', 'manage', 'admin'];
        $_SESSION['suser_role_admin'] = true;
    }
    $_SESSION['suser_role_add'] = in_array('add', $roles);
    $_SESSION['suser_role_edit'] = in_array('edit', $roles);
    $_SESSION['suser_role_delete'] = in_array('delete', $roles);
    $_SESSION['suser_role_manage'] = in_array('manage', $roles);
    $_SESSION['suser_role_admin'] = in_array('admin', $roles);
    $menu = explode(',', $user->user_menu);
    $_SESSION['suser_menu_assets'] = in_array('asset', $menu);
@ -87,6 +136,7 @@ function user_login ($user_name, $user_pass) {
    $_SESSION['suser_menu_cables'] = in_array('cable', $menu);
    $_SESSION['suser_menu_locations'] = in_array('location', $menu);
    $_SESSION['suser_menu_nodes'] = in_array('node', $menu);
    $_SESSION['suser_menu_nats'] = in_array('nat', $menu);
    $_SESSION['suser_menu_subnets'] = in_array('subnet', $menu);
    $_SESSION['suser_menu_vlans'] = in_array('vlan', $menu);
    $_SESSION['suser_menu_zones'] = in_array('zone', $menu);
@ -96,7 +146,9 @@ function user_login ($user_name, $user_pass) {
 // No header included, this page has no menu
-$language = lang_getfrombrowser($config_lang, $config_lang_default, null, false);
+// ========== LOGIN: HERE BE DRAGONS ==========================================
 $language = lang_getfrombrowser($config_lang, $config_lang_default);
 include('lang/' . $language . '.php');
 if ($_SERVER['REQUEST_METHOD'] == "POST" ) {
@ -116,5 +168,4 @@ $smarty->assign("config_version", $config_version);
 $smarty->assign($lang);
 $smarty->display("login.tpl");
-include("footer.php");
+$smarty->display('footer.tpl');
 ?>
--- a/logout.php
+++ b/logout.php
@ -14,4 +14,3 @@ $_SESSION = array();
 // redirect to start page
 header("Location: index.php");
 ?> 
--- a/nat.php
+++ b/nat.php
@ -9,8 +9,69 @@ SPDX-License-Identifier: GPL-3.0-or-later
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'exec-edit':
        if ($_POST['action'] == 'natadd') {
            $action = ACT_ADD;
        } elseif ($_POST['action'] == 'natdel') {
            $action = ACT_DELETE;
        } else {
            $g_warning->Add('Invalid action: '. $_POST['action']);
        }
        break;
    case 'insert':
        $node_id_ext = sanitize($_POST['node_id_ext']);
        $node_id_int = sanitize($_POST['node_id_int']);
        $nat_type = sanitize($_POST['nat_type']);
        $sql = "INSERT INTO nat (nat_ext, nat_int, nat_type)
                VALUE (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$node_id_ext, $node_id_int, $nat_type]);
        header_location("node.php?f=view&id=$node_id_ext");
        break;
    case 'delete':
        $node_id_ext = sanitize($_POST['node_id_ext']);
        $sth = $dbh->prepare("DELETE FROM nat WHERE nat_id=?");
        try {
            $sth->execute([$id]);
        } catch (PDOException $e) {
            $g_warning->Add($e->getMessage());
        }
        // TODO
        // header_location("node.php?f=view&id=" . $node_id_ext);
        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
 if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 $sql = "SELECT n.nat_id AS id, n.nat_type, n.nat_ext, n.nat_int,
            n.nat_ext_port AS port_ext, n.nat_int_port AS port_int,
            n.nat_description AS description,
@ -22,7 +83,120 @@ $sql = "SELECT n.nat_id AS id, n.nat_type, n.nat_ext, n.nat_int,
 $sth = $dbh->query($sql);
 $smarty->assign("nats", $sth->fetchAll());
 $smarty->display("nat.tpl");
-include("footer.php");
+
-?>
+elseif ($action == ACT_ADD):
 // ========== VARIANT: add record =============================================
 $node_id = sanitize($_REQUEST['node_id']);
 // node_ext
 $sql = "SELECT node_ip AS node_ip_ext
        FROM node
        WHERE node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $node = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("node_id_ext", $node_id);
 $smarty->assign("node_ip_ext", $node->node_ip_ext);
 // node_int
 $sql = "SELECT
 		a.asset_name,
 		n.node_id AS node_id_int,
 		n.node_ip AS node_ip_int
 	FROM
 		asset AS a LEFT JOIN node AS n USING (asset_id)
 	WHERE
 		n.node_id NOT IN (
 			SELECT
 				nat_int
 			FROM
 				nat
 			WHERE
 				nat_ext=?
 		)
 		AND n.node_id!=?
 	ORDER BY
 		INET_ATON(n.node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id, $node_id]);
 $nodes = $sth->fetchAll();
 foreach ($nodes as $rec) {
     $node_options[$rec['node_id_int']] = $rec['node_ip_int'] . '/' . $rec['asset_name'];
 }
 $smarty->assign("node_options", $node_options);
 $nat_type_options[1] = $lang['lang_nat_type_1'];
 $nat_type_options[2] = $lang['lang_nat_type_2'];
 $nat_type_options[3] = $lang['lang_nat_type_3'];
 $smarty->assign("nat_type_options", $nat_type_options);
 $smarty->display("natadd.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 $sql = "SELECT nat_id AS id, nat_type AS type, nat_ext, nat_int FROM nat WHERE nat_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("nat", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("natview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $node_id = sanitize($_GET['node_id']);
 $sql = "SELECT node_id AS id, node_ip AS ip FROM node WHERE node.node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("natedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $node_id = sanitize($_REQUEST['node_id']);
 // node_ext
 $sth = $dbh->prepare("SELECT node_id AS id_ext, node_ip AS ip_ext FROM node WHERE node_id=?");
 $sth->execute([$node_id]);
 $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 // options
 $sql = "SELECT x.nat_id, n.node_ip, a.asset_name
 	FROM nat AS x
 	    LEFT JOIN node AS n ON (x.nat_int=n.node_id)
 	    LEFT JOIN asset AS a USING (asset_id) 
 	WHERE x.nat_ext=?
 	ORDER BY INET_ATON(n.node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $nats = $sth->fetchAll();
 $options = array();
 foreach ($nats as $rec) {
    $options[$rec['nat_id']] = $rec['node_ip'] . '/' . $rec['asset_name'];
 }
 $smarty->assign("nat_options", $options);
 $smarty->display("natdel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/natadd.php
+++ b/natadd.php
@ -1,65 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_id = sanitize($_GET['node_id']);
 include("header.php");
 // node_ext
 $sql = "SELECT node_ip AS node_ip_ext
        FROM node
        WHERE node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $node = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("node_id_ext", $node_id);
 $smarty->assign("node_ip_ext", $node->node_ip_ext);
 // node_int
 $sql = "SELECT
 		a.asset_name,
 		n.node_id AS node_id_int,
 		n.node_ip AS node_ip_int
 	FROM
 		asset AS a LEFT JOIN node AS n USING (asset_id)
 	WHERE
 		n.node_id NOT IN (
 			SELECT
 				nat_int
 			FROM
 				nat
 			WHERE
 				nat_ext=?
 		)
 		AND n.node_id!=?
 	ORDER BY
 		INET_ATON(n.node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id, $node_id]);
 $nodes = $sth->fetchAll();
 foreach ($nodes as $rec) {
     $node_options[$rec['node_id_int']] = $rec['node_ip_int'] . '/' . $rec['asset_name'];
 }
 $smarty->assign("node_options", $node_options);
 $nat_type_options[1] = $lang['lang_nat_type_1'];
 $nat_type_options[2] = $lang['lang_nat_type_2'];
 $nat_type_options[3] = $lang['lang_nat_type_3'];
 $smarty->assign("nat_type_options", $nat_type_options);
 $smarty->display("natadd.tpl");
 include("footer.php");
 ?>
--- a/natdel.php
+++ b/natdel.php
@ -1,40 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_id = sanitize($_GET['node_id']);
 include("header.php");
 // node_ext
 $sth = $dbh->prepare("SELECT node_id AS id_ext, node_ip AS ip_ext FROM node WHERE node_id=?");
 $sth->execute([$node_id]);
 $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 // options
 $sql = "SELECT x.nat_id, n.node_ip, a.asset_name
 	FROM nat AS x
 	    LEFT JOIN node AS n ON (x.nat_int=n.node_id)
 	    LEFT JOIN asset AS a USING (asset_id) 
 	WHERE x.nat_ext=?
 	ORDER BY INET_ATON(n.node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $nats = $sth->fetchAll();
 $options = array();
 foreach ($nats as $rec) {
    $options[$rec['nat_id']] = $rec['node_ip'] . '/' . $rec['asset_name'];
 }
 $smarty->assign("nat_options", $options);
 $smarty->display("natdel.tpl");
 include("footer.php");
 ?>
--- a/natedit.php
+++ b/natedit.php
@ -1,24 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_id = sanitize($_GET['node_id']);
 include("header.php");
 $sql = "SELECT node_id AS id, node_ip AS ip FROM node WHERE node.node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("natedit.tpl");
 include("footer.php");
 ?>
--- a/node.php
+++ b/node.php
@ -8,8 +8,125 @@ SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'link':  $action = ACT_LINK; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'insert':
        // node with asset or link node to asset
        $asset_name = sanitize($_POST['asset_name']);
        $asset_hostname = sanitize($_POST['asset_hostname']);
        $assetclass_id = sanitize($_POST['assetclass_id']);
        $ip = sanitize($_POST['node_ip']);
        $mac = strip_mac(sanitize($_POST['node_mac']));
        if ((!empty($_POST['node_dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $dns1 = sanitize($_POST['node_dns1']));
        if ((!empty($_POST['node_dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $dns2 = sanitize($_POST['node_dns2']));
        $node_info = sanitize($_POST['node_info']);
        $subnet_id = $_POST['subnet_id'];
        $sql = "INSERT INTO asset (asset_name, asset_hostname, assetclass_id)
                   VALUE (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$asset_name, $asset_hostname, $assetclass_id]);
        $asset_id = $dbh->lastInsertId();
        $sql = "INSERT INTO node (
                    node_ip, node_mac, node_dns1, node_dns2, node_info,
                    subnet_id, asset_id
                )
                VALUES (?, ?, ?, ?, ?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$ip, $mac, $dns1, $dns2, $node_info, $subnet_id, $asset_id]);
        $action = ACT_VIEW;
        break;
    case 'exec-link':
        $node_ip = sanitize($_POST['node_ip']);
        $subnet_id = sanitize($_POST['subnet_id']);
        $asset_id = sanitize($_POST['asset_id']);
        $node_mac = strip_mac(sanitize($_POST['node_mac']));
        if ((!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix'])) ? $node_dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $node_dns1 = sanitize($_POST['node_dns1']));
        if ((!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) ? $node_dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $node_dns2 = sanitize($_POST['node_dns2']));
        $node_info = $_POST['node_info'];
        $sql = "INSERT INTO node (
                    node_ip, node_mac, node_dns1, node_dns2, node_info,
                    subnet_id, asset_id
                ) 
                VALUES (?, ?, ?, ?, ?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$node_ip, $node_mac, $node_dns1, $node_dns2, $node_info,
                       $subnet_id, $asset_id]);
        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break; 
    case 'update':
        $asset_id = sanitize($_POST['asset_id']);
        $node_ip = sanitize($_POST['node_ip']);
        $subnet_id = sanitize($_POST['subnet_id']);
        $node_mac = strip_mac(sanitize($_POST['node_mac']));
        $node_dns1 = sanitize($_POST['node_dns1']);
        $node_dns2 = sanitize($_POST['node_dns2']);
        $node_info = sanitize($_POST['node_info']);
        $zone_id = sanitize($_POST['zone_id']);
        $flag_deleted = isset($_POST['flag_deleted']) or false;
        $flag_reserved = isset($_POST['flag_reserved']) or false;
        // construct flags
        $flags = array();
        if ($flag_deleted) $flags[] = 'deleted';
        if ($flag_reserved) $flags[] = 'reserved';
        $flags = empty($flags) ? NULL : implode(',', $flags);
        $sql = "UPDATE node SET
                    asset_id=?, node_ip=?, subnet_id=?, node_mac=?,
                    node_dns1=?, node_dns2=?, node_info=?, zone_id=?,
                    node_flags=?
                WHERE node_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$asset_id, $node_ip, $subnet_id, $node_mac, 
                       $node_dns1, $node_dns2, $node_info, $zone_id,
                       $flags,
                       $id]);
        $action = ACT_VIEW;
        break;
    case 'delete':
        $sth = $dbh->prepare("SELECT node_ip FROM node WHERE node_id=?");
        $sth->execute([$id]);
        $node_ip = $sth->fetchColumn();
        $sth = $dbh->prepare("DELETE FROM node WHERE node_id=?");
        $sth->execute([$id]);
        $action = ACT_DEFAULT;
        $g_message->Add(sprintf(_('Node %s deleted'), $node_ip));
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
 if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 // filter preparation
 $p = array();
 $w = array();
@ -31,15 +148,24 @@ if(isset($_GET['subnet_id'])) {
    $smarty->assign("subnet_id", '');
 }
 // deleted records only for admin or manager
 if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] == 0)) {
    $w[] = "((n.node_flags IS NULL) OR (n.node_flags & 0x1 = 0))";
 }
 // create sql with optional filter
 $where = join(' AND ', $w);
-$sql = "SELECT a.asset_id, a.asset_info, 
+$sql = "SELECT a.asset_id,
            CONCAT(LEFT(a.asset_info,30), IF(CHAR_LENGTH(a.asset_info)>30,'...','')) AS asset_info,
            REPLACE(a.asset_name, ' ', '&nbsp;') AS asset_name,
-            n.node_id, n.node_ip
+            n.node_id, n.node_ip, (n.node_flags & 0x1)=1 AS deleted,
-        FROM node AS n LEFT JOIN asset AS a USING (asset_id)";
+            CONCAT(LEFT(n.node_info,30), IF(CHAR_LENGTH(n.node_info)>30,'...','')) AS node_info,
            c.assetclass_id, c.assetclass_name
        FROM node AS n LEFT JOIN asset AS a USING (asset_id)
            LEFT JOIN assetclass AS c USING (assetclass_id)";
 if ($where) {
-    $sql .= ' WHERE ' . $where;
+    $sql .= ' WHERE ' . $where . ' ';
 }
 $sql .= "GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";
 $sth = $dbh->prepare($sql);
@ -48,5 +174,139 @@ $smarty->assign("nodes", $sth->fetchAll());
 $smarty->display("node.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 // add node and asset
 if ((isset($_GET['node_ip'])) ? $node_ip = sanitize($_GET['node_ip']) : $node_ip = '');
 if ((isset($_GET['subnet_id'])) ?  $subnet_id = sanitize($_GET['subnet_id']) : $subnet_id = '');
 $smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
 $smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
 $smarty->assign("node_ip", $node_ip);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_options", db_get_options_subnet());
 $smarty->assign("assetclass_options", db_get_options_assetclass());
 $smarty->display("nodeadd.tpl");
 elseif ($action == ACT_LINK):
 // ========== VARIANT: add node with existing asset ===========================
 // addnodetoasset
 // same as node add but with existing object
 $asset_id = sanitize($_REQUEST['asset_id']);
 $node_ip = sanitize($_REQUEST['node_ip']);
 $subnet_id = sanitize($_REQUEST['subnet_id']);
 $smarty->assign("node_ip", $node_ip);
 $smarty->assign("asset_id", $asset_id);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("asset_options", db_get_options_asset());
 $smarty->assign("subnet_options",  db_get_options_subnet());
 $smarty->display("assignnodetoasset.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 // node
 $sql = "SELECT n.node_id AS id, n.node_ip AS ip, n.node_mac AS mac,
            n.node_dns1 AS dns1, n.node_dns2 AS dns2, n.node_info AS info,
            n.node_type AS type, n.node_flags AS flags, 
            (n.node_flags & 0x1)=1 AS deleted, (n.node_flags & 0x2)=2 AS reserved,
            a.asset_id, a.asset_name,
            c.assetclass_id, c.assetclass_name,
            s.subnet_id, s.subnet_address, s.subnet_mask,
            z.zone_origin
        FROM node AS n LEFT JOIN asset AS a USING (asset_id)
            LEFT JOIN assetclass AS c USING (assetclass_id)
            LEFT JOIN subnet AS s USING (subnet_id)
            LEFT JOIN zone AS z USING (zone_id)
        WHERE n.node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $node = $sth->fetch(PDO::FETCH_OBJ);
 $node->mac = write_mac($node->mac, $_SESSION['suser_mac']);
 $smarty->assign("node", $node);
 // nat
 $sql = "SELECT
            asset_ext.asset_id AS asset_id_ext,
            asset_int.asset_id AS asset_id_int,
            asset_ext.asset_name AS asset_name_ext,
            asset_int.asset_name AS asset_name_int,
            nat.nat_id AS nat_id,
            nat.nat_type AS nat_type,
            nat.nat_ext AS nat_ext,
            nat.nat_int AS nat_int,
            node_ext.node_ip AS node_ip_ext,
            node_int.node_ip AS node_ip_int,
            node_int.node_id AS node_id_int,
            node_ext.node_id AS node_id_ext
        FROM
            asset AS asset_ext,
            asset AS asset_int,
            nat,
            node AS node_ext,
            node AS node_int
        WHERE
            (nat.nat_ext=:node_id OR nat.nat_int=:node_id)
            AND node_ext.node_id=nat.nat_ext
            AND node_int.node_id=nat.nat_int
            AND asset_ext.asset_id=node_ext.asset_id
            AND asset_int.asset_id=node_int.asset_id
        ORDER BY
            INET_ATON(node_ext.node_ip),
            INET_ATON(node_int.node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute(['node_id' => $id]);
 $smarty->assign("natrules", $sth->fetchAll());
 $smarty->display("nodeview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT node_id AS id, node_ip AS ip, node_mac AS mac,
            node_dns1 AS dns1, node_dns2 AS dns2, node_info AS info,
            zone_id, asset_id, subnet_id, node_flags AS flags
 	FROM node
 	WHERE node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $node = $sth->fetch(PDO::FETCH_OBJ);
 $node->mac = write_mac($node->mac, $_SESSION['suser_mac']);
 $node->flags = explode(',', $node->flags);
 $smarty->assign("node", $node);
 $smarty->assign("asset_options", db_get_options_asset());
 $smarty->assign("subnet_options", db_get_options_subnet());
 $smarty->assign("zone_options", db_get_options_zone('(keine)'));
 $smarty->display("nodeedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 $sql = "SELECT node_id AS id, node_ip AS ip, asset_id FROM node WHERE node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("nodedel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/nodeadd.php
+++ b/nodeadd.php
@ -1,27 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if ((isset($_GET['node_ip'])) ? $node_ip = sanitize($_GET['node_ip']) : $node_ip = '');
 if ((isset($_GET['subnet_id'])) ?  $subnet_id = sanitize($_GET['subnet_id']) : $subnet_id = '');
 include("header.php");
 $smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
 $smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
 $smarty->assign("node_ip", $node_ip);
 $smarty->assign("subnet_id", $subnet_id);
 $smarty->assign("subnet_options", db_get_options_subnet());
 $smarty->assign("assetclass_options", db_get_options_assetclass());
 $smarty->display("nodeadd.tpl");
 include("footer.php");
 ?>
--- a/nodedel.php
+++ b/nodedel.php
@ -1,24 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_id = sanitize($_GET['node_id']);
 include("header.php");
 $sql = "SELECT node_id AS id, node_ip AS ip, asset_id FROM node WHERE node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("nodedel.tpl");
 include("footer.php");
 ?>
--- a/nodeedit.php
+++ b/nodeedit.php
@ -1,32 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $node_id = sanitize($_GET['node_id']);
 include("header.php");
 $sql = "SELECT node_id AS id, node_ip AS ip, node_mac AS mac,
            node_dns1 AS dns1, node_dns2 AS dns2, node_info AS info,
            zone_id, asset_id, subnet_id
 	FROM node
 	WHERE node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("asset_options", db_get_options_asset());
 $smarty->assign("subnet_options", db_get_options_subnet());
 $smarty->assign("zone_options", db_get_options_zone('(keine)'));
 $smarty->display("nodeedit.tpl");
 include("footer.php");
 ?>
--- a/nodeview.php
+++ b/nodeview.php
@ -1,89 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if (isset($_GET['node_id']) && (!empty($_GET['node_id']))) {
    $node_id = sanitize($_GET['node_id']);
 } else {
    // redirect to error page
    header_location("comments.php?comments=error");
    exit;
 }
 include("header.php");
 // node
 $sql = "SELECT
            asset.asset_id,
            asset.asset_name,
            node.node_id AS id,
            node.node_ip AS ip,
            node.node_mac AS mac,
            node.node_dns1 AS dns1,
            node.node_dns2 AS dns2,
            node.node_info AS info,
            node.node_type AS type,
            subnet.subnet_id,
            subnet.subnet_address,
            subnet.subnet_mask,
            zone.zone_origin
        FROM
            node
            JOIN asset USING (asset_id)
            JOIN subnet USING (subnet_id)
            LEFT JOIN zone USING (zone_id)
        WHERE
            node.node_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$node_id]);
 $node = $sth->fetch(PDO::FETCH_OBJ);
 $node->mac = write_mac($node->mac);
 $smarty->assign("node", $node);
 // nat
 $sql = "SELECT
            asset_ext.asset_id AS asset_id_ext,
            asset_int.asset_id AS asset_id_int,
            asset_ext.asset_name AS asset_name_ext,
            asset_int.asset_name AS asset_name_int,
            nat.nat_id AS nat_id,
            nat.nat_type AS nat_type,
            nat.nat_ext AS nat_ext,
            nat.nat_int AS nat_int,
            node_ext.node_ip AS node_ip_ext,
            node_int.node_ip AS node_ip_int,
            node_int.node_id AS node_id_int,
            node_ext.node_id AS node_id_ext
        FROM
            asset AS asset_ext,
            asset AS asset_int,
            nat,
            node AS node_ext,
            node AS node_int
        WHERE
            (nat.nat_ext=:node_id OR nat.nat_int=:node_id)
            AND node_ext.node_id=nat.nat_ext
            AND node_int.node_id=nat.nat_int
            AND asset_ext.asset_id=node_ext.asset_id
            AND asset_int.asset_id=node_int.asset_id
        ORDER BY
            INET_ATON(node_ext.node_ip),
            INET_ATON(node_int.node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute(['node_id' => $node_id]);
 $smarty->assign("natrules", $sth->fetchAll());
 $smarty->display("nodeview.tpl");
 include("footer.php");
 ?>
--- a/options.php
+++ b/options.php
@ -8,8 +8,124 @@ SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'edit': $action = ACT_EDIT; break;
    case 'pass': $action = ACT_PASSWORD; break;
    case 'update':
        $id = $_SESSION['suser_id'];
        $language = $_POST['user_language'];
        $imagesize = sanitize($_POST['user_imagesize']);
        $imagecount = sanitize($_POST['user_imagecount']);
        $mac = sanitize($_POST['user_mac']);
        $dateformat = sanitize($_POST['user_dateformat']);
        $dns1suffix = sanitize($_POST['user_dns1suffix']);
        $dns2suffix = sanitize($_POST['user_dns2suffix']);
        $tooltips = sanitize($_POST['user_tooltips']);
        $menu_assets = sanitize($_POST['user_menu_assets']);
        $menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
        $menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
        $menu_cables = sanitize($_POST['user_menu_cables']);
        $menu_locations = sanitize($_POST['user_menu_locations']);
        $menu_nodes = sanitize($_POST['user_menu_nodes']);
        $menu_nats = sanitize($_POST['user_menu_nats']);
        $menu_subnets = sanitize($_POST['user_menu_subnets']);
        $menu_vlans = sanitize($_POST['user_menu_vlans']);
        $menu_zones = sanitize($_POST['user_menu_zones']);
        // construct menu set
        $menu = array();
        if ($menu_assets) $menu[] = 'asset';
        if ($menu_assetclasses) $menu[] = 'class';
        if ($menu_assetclassgroups) $menu[] = 'group';
        if ($menu_cables) $menu[] = 'cable';
        if ($menu_locations) $menu[] = 'location';
        if ($menu_nodes) $menu[] = 'node';
        if ($menu_nats) $menu[] = 'nat';
        if ($menu_subnets) $menu[] = 'subnet';
        if ($menu_vlans) $menu[] = 'vlan';
        if ($menu_zones) $menu[] = 'zone';
        $menu = empty($menu) ? NULL : implode(',', $menu);
        $sql = "UPDATE user SET
                user_language=?, user_imagesize=?, user_imagecount=?,
                user_mac=?, user_dateformat=?, user_dns1suffix=?,
                user_dns2suffix=?, user_tooltips=?, user_menu=?
            WHERE
                user_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$language, $imagesize, $imagecount,
                       $mac, $dateformat, $dns1suffix,
                       $dns2suffix, $tooltips, $menu,
                       $id]);
        $_SESSION['suser_language'] = $language;
        $_SESSION['suser_imagesize'] = $imagesize;
        $_SESSION['suser_imagecount'] = $imagecount;
        $_SESSION['suser_mac'] = $mac;
        $_SESSION['suser_dateformat'] = $dateformat;
        $_SESSION['suser_dns1suffix'] = $dns1suffix;
        $_SESSION['suser_dns2suffix'] = $dns2suffix;
        $_SESSION['suser_menu_assets'] = $menu_assets;
        $_SESSION['suser_menu_assetclasses'] = $menu_assetclasses;
        $_SESSION['suser_menu_assetclassgroups'] = $menu_assetclassgroups;
        $_SESSION['suser_menu_cables'] = $menu_cables;
        $_SESSION['suser_menu_locations'] = $menu_locations;
        $_SESSION['suser_menu_nodes'] = $menu_nodes;
        $_SESSION['suser_menu_nats'] = $menu_nats;
        $_SESSION['suser_menu_subnets'] = $menu_subnets;
        $_SESSION['suser_menu_vlans'] = $menu_vlans;
        $_SESSION['suser_menu_zones'] = $menu_zones;
        $_SESSION['suser_tooltips'] = $tooltips;
        $action = ACT_DEFAULT;
        break;
    case 'exec-pass':
        $user_id = $_SESSION['suser_id'];
        $currentpass = sanitize($_POST['user_currentpass']);
        $newpass1 = sanitize($_POST['user_newpass1']);
        $newpass2 = sanitize($_POST['user_newpass2']);
        $sth = $dbh->prepare("SELECT user_pass FROM user WHERE user_id=?");
        $sth->execute([$user_id]);
        $userpass = $sth->fetchColumn();
        $action = ACT_PASSWORD;
        if (password_verify($currentpass, $userpass)) {
            if (strlen($newpass1) >= 5) {
                if (!strcmp($newpass1, $newpass2)) {
                    $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
                    $newhash = password_hash($newpass1, PASSWORD_BCRYPT);
                    $sth->execute([$newhash, $user_id]);
                    $action = ACT_DEFAULT;
                } else {
                    $g_error->Add('New passwords do not match!');
                }
            } else {
                $g_error->Add('New password is to simple!');
            }
        } else {
            $g_error->Add('Current password wrong!');
        }
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 // ========== ACTIONS END =====================================================
 include("header.php");
 if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 $smarty->assign('realm', $_SESSION['suser_realm']);
 $smarty->assign('role_add', $_SESSION['suser_role_add']);
 $smarty->assign('role_edit', $_SESSION['suser_role_edit']);
 $smarty->assign('role_delete', $_SESSION['suser_role_delete']);
@ -17,5 +133,118 @@ $smarty->assign('role_manage', $_SESSION['suser_role_manage']);
 $smarty->assign('role_admin', $_SESSION['suser_role_admin']);
 $smarty->display("options.tpl");
-include("footer.php");
+elseif ($action == ACT_EDIT):
-?>
+// ========== VARIANT: edit display options ===================================
 $smarty->assign("language", lang_getfrombrowser($config_lang, $config_lang_default));
 // available languages
 $lang_options = array();
 foreach ($config_lang as $lang) {
    $lang_options[$lang] = $lang;
 }
 $smarty->assign("lang_options", $lang_options);
 if($_SESSION['suser_menu_assets']=='on') {
 	$user_menu_assets_checked = 'checked';
 } else {
 	$user_menu_assets_checked = '';
 }
 // assetclasses
 if($_SESSION['suser_menu_assetclasses']=='on') {
 	$user_menu_assetclasses_checked = 'checked';
 } else {
 	$user_menu_assetclasses_checked = '';
 }
 // assetclassgroups
 if($_SESSION['suser_menu_assetclassgroups']=='on') {
 	$user_menu_assetclassgroups_checked = 'checked';
 } else {
 	$user_menu_assetclassgroups_checked = '';
 }
 // cables
 if($_SESSION['suser_menu_cables']=='on') {
 	$user_menu_cables_checked = 'checked';
 } else {
 	$user_menu_cables_checked = '';
 }
 // locations
 if($_SESSION['suser_menu_locations']=='on') {
 	$user_menu_locations_checked = 'checked';
 } else {
 	$user_menu_locations_checked = '';
 }
 // nodes
 if($_SESSION['suser_menu_nodes']=='on') {
 	$user_menu_nodes_checked = 'checked';
 } else {
 	$user_menu_nodes_checked = '';
 }
 // nats
 if($_SESSION['suser_menu_nats']=='on') {
 	$user_menu_nats_checked = 'checked';
 } else {
 	$user_menu_nats_checked = '';
 }
 // subnets
 if($_SESSION['suser_menu_subnets']=='on') {
 	$user_menu_subnets_checked = 'checked';
 } else {
 	$user_menu_subnets_checked = '';
 }
 // vlans
 if($_SESSION['suser_menu_vlans']=='on') {
 	$user_menu_vlans_checked = 'checked';
 } else {
 	$user_menu_vlans_checked = '';
 }
 // zones
 if($_SESSION['suser_menu_zones']=='on') {
 	$user_menu_zones_checked = 'checked';
 } else {
 	$user_menu_zones_checked = '';
 }
 // tooltips
 if($_SESSION['suser_tooltips']=='on') {
 	$user_tooltips_checked = 'checked';
 } else {
 	$user_tooltips_checked = '';
 }
 $smarty->assign("user_id", $_SESSION['suser_id']);
 $smarty->assign("user_imagesize", $_SESSION['suser_imagesize']);
 $smarty->assign("user_imagecount", $_SESSION['suser_imagecount']);
 $smarty->assign("user_mac", $_SESSION['suser_mac']);
 $smarty->assign("user_dateformat", $_SESSION['suser_dateformat']);
 $smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
 $smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
 $smarty->assign("user_language", $_SESSION['suser_language']);
 $smarty->assign("user_menu_assets_checked", $user_menu_assets_checked);
 $smarty->assign("user_menu_assetclasses_checked", $user_menu_assetclasses_checked);
 $smarty->assign("user_menu_assetclassgroups_checked", $user_menu_assetclassgroups_checked);
 $smarty->assign("user_menu_cables_checked", $user_menu_cables_checked);
 $smarty->assign("user_menu_locations_checked", $user_menu_locations_checked);
 $smarty->assign("user_menu_nodes_checked", $user_menu_nodes_checked);
 $smarty->assign("user_menu_nats_checked", $user_menu_nats_checked);
 $smarty->assign("user_menu_subnets_checked", $user_menu_subnets_checked);
 $smarty->assign("user_menu_vlans_checked", $user_menu_vlans_checked);
 $smarty->assign("user_menu_zones_checked", $user_menu_zones_checked);
 $smarty->assign("user_tooltips_checked", $user_tooltips_checked);
 $smarty->display("optionseditdisplay.tpl");
 elseif ($action == ACT_PASSWORD):
 // ========== VARIANT: password ===============================================
 $smarty->display("optionseditpassword.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/optionseditdisplay.php
+++ b/optionseditdisplay.php
@ -1,99 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 include("header.php");
 $smarty->assign("language", $language);
 if($_SESSION['suser_menu_assets']=='on') {
 	$user_menu_assets_checked = 'checked';
 } else {
 	$user_menu_assets_checked = '';
 }
 // assetclasses
 if($_SESSION['suser_menu_assetclasses']=='on') {
 	$user_menu_assetclasses_checked = 'checked';
 } else {
 	$user_menu_assetclasses_checked = '';
 }
 // assetclassgroups
 if($_SESSION['suser_menu_assetclassgroups']=='on') {
 	$user_menu_assetclassgroups_checked = 'checked';
 } else {
 	$user_menu_assetclassgroups_checked = '';
 }
 // cables
 if($_SESSION['suser_menu_cables']=='on') {
 	$user_menu_cables_checked = 'checked';
 } else {
 	$user_menu_cables_checked = '';
 }
 // locations
 if($_SESSION['suser_menu_locations']=='on') {
 	$user_menu_locations_checked = 'checked';
 } else {
 	$user_menu_locations_checked = '';
 }
 // nodes
 if($_SESSION['suser_menu_nodes']=='on') {
 	$user_menu_nodes_checked = 'checked';
 } else {
 	$user_menu_nodes_checked = '';
 }
 // subnets
 if($_SESSION['suser_menu_subnets']=='on') {
 	$user_menu_subnets_checked = 'checked';
 } else {
 	$user_menu_subnets_checked = '';
 }
 // vlans
 if($_SESSION['suser_menu_vlans']=='on') {
 	$user_menu_vlans_checked = 'checked';
 } else {
 	$user_menu_vlans_checked = '';
 }
 // zones
 if($_SESSION['suser_menu_zones']=='on') {
 	$user_menu_zones_checked = 'checked';
 } else {
 	$user_menu_zones_checked = '';
 }
 // tooltips
 if($_SESSION['suser_tooltips']=='on') {
 	$user_tooltips_checked = 'checked';
 } else {
 	$user_tooltips_checked = '';
 }
 $smarty->assign("user_id", $_SESSION['suser_id']);
 $smarty->assign("user_imagesize", $_SESSION['suser_imagesize']);
 $smarty->assign("user_imagecount", $_SESSION['suser_imagecount']);
 $smarty->assign("user_mac", $_SESSION['suser_mac']);
 $smarty->assign("user_dateformat", $_SESSION['suser_dateformat']);
 $smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
 $smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
 $smarty->assign("user_language", $_SESSION['suser_language']);
 $smarty->assign("user_menu_assets_checked", $user_menu_assets_checked);
 $smarty->assign("user_menu_assetclasses_checked", $user_menu_assetclasses_checked);
 $smarty->assign("user_menu_assetclassgroups_checked", $user_menu_assetclassgroups_checked);
 $smarty->assign("user_menu_cables_checked", $user_menu_cables_checked);
 $smarty->assign("user_menu_locations_checked", $user_menu_locations_checked);
 $smarty->assign("user_menu_nodes_checked", $user_menu_nodes_checked);
 $smarty->assign("user_menu_subnets_checked", $user_menu_subnets_checked);
 $smarty->assign("user_menu_vlans_checked", $user_menu_vlans_checked);
 $smarty->assign("user_menu_zones_checked", $user_menu_zones_checked);
 $smarty->assign("user_tooltips_checked", $user_tooltips_checked);
 $smarty->display("optionseditdisplay.tpl");
 include("footer.php");
 ?>
--- a/optionseditpassword.php
+++ b/optionseditpassword.php
@ -1,16 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 include("header.php");
 $smarty->display("optionseditpassword.tpl");
 include("footer.php");
 ?>
--- a/search.php
+++ b/search.php
@ -16,7 +16,7 @@ if (empty($search)) {
    // parse nosearch box
    $smarty->assign("nosearch", TRUE);
    $smarty->display("search.tpl");
-    include("footer.php");
+    $smarty->display("footer.tpl");
    exit;
 }
@ -28,11 +28,13 @@ $needle = '%' . $search . '%';
 $resultcounter = 0;
 // asset
-$sql = "SELECT asset_id AS id, asset_name AS name, asset_info AS description
+$sql = "SELECT a.asset_id AS id, a.asset_name AS name, 
-        FROM asset
+            CONCAT(LEFT(asset_info, 50), IF(CHAR_LENGTH(asset_info)>50,'...','')) AS description,
-        WHERE asset_name LIKE :needle OR asset_hostname LIKE :needle
+            c.assetclass_name AS assetclass
-		   OR asset_info LIKE :needle
+        FROM asset AS a LEFT JOIN assetclass AS c USING (assetclass_id)
-        ORDER BY asset_name";
+        WHERE a.asset_name LIKE :needle OR a.asset_hostname LIKE :needle
 		   OR a.asset_info LIKE :needle
        ORDER BY a.asset_name";
 $sth = $dbh->prepare($sql);
 $sth->execute(['needle' => $needle]);
@ -53,7 +55,8 @@ $resultcounter += count($locations);
 $smarty->assign("locations", $locations);
 // node
-$sql = "SELECT node_id AS id, node_ip AS ip
+$sql = "SELECT node_id AS id, node_ip AS ip,
            CONCAT(LEFT(node_info, 30), IF(CHAR_LENGTH(node_info)>30,'...','')) AS info
        FROM node
 	    WHERE node_ip LIKE :needle OR node_mac LIKE :needle
           OR node_dns1 LIKE :needle OR node_dns2 LIKE :needle
@ -111,5 +114,4 @@ $smarty->assign("resultcounter", $resultcounter);
 $smarty->display("search.tpl");
-include("footer.php");
+$smarty->display("footer.tpl");
 ?>
--- a/submit.php
+++ b/submit.php
@ -1,812 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if ($_SERVER['REQUEST_METHOD'] != "POST") {
    header_location("comments.php?comments=" . $comments);
    exit;
 }
 if (isset($_POST['redirect'])) {
    switch ($_POST['redirect']) {
        case ("assigniptonode") :
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            switch ($_POST['action']) {
                case ("assignnodetoasset") :
                    header_location("assignnodetoasset.php?subnet_id=" . $subnet_id . "&node_ip=" . $node_ip);
                break;
                case ("nodeadd") :
                    header_location("nodeadd.php?subnet_id=" . $subnet_id . "&node_ip=" . $node_ip);
                break;
            }
            break;
        case ("locationsubnet") :
            $location_id = sanitize($_POST['location_id']);
            switch ($_POST['action']) {
                case ("locationsubnetadd") :
                    header_location("locationsubnetadd.php?location_id=" . $location_id);
                break;
                case ("locationsubnetdel") :
                    header_location("locationsubnetdel.php?location_id=" . $location_id);
                break;
            }
            break;
        case ("nat") :
            $node_id = sanitize($_POST['node_id']);
            switch ($_POST['action']) {
                case ("natadd") :
                    header_location("natadd.php?node_id=" . $node_id);
                    break;
                case ("natdel") :
                    header_location("natdel.php?node_id=" . $node_id);
                    break;
            }
            break;
        case ("subnetlocation") :
            $subnet_id = sanitize($_POST['subnet_id']);
            switch ($_POST['action']) {
                case ("subnetlocationadd") :
                    header_location("subnetlocationadd.php?subnet_id=" . $subnet_id);
                    break;
                case ("subnetlocationdel") :
                    header_location("subnetlocationdel.php?subnet_id=" . $subnet_id);
                    break;
            }
            break;
        case ("subnetvlan") :
            $subnet_id = sanitize($_POST['subnet_id']);
            switch ($_POST['action']) {
                case ("subnetvlanadd") :
                    header_location("subnetvlanadd.php?subnet_id=" . $subnet_id);
                    break;
                case ("subnetvlandel") :
                    header_location("subnetvlandel.php?subnet_id=" . $subnet_id);
                    break;
            }
            break;
        case ("vlansubnet") :
            $vlan_id = sanitize($_POST['vlan_id']);
            switch ($_POST['action']) {
                case ("vlansubnetadd") :
                    header_location("vlansubnetadd.php?vlan_id=" . $vlan_id);
                    break;
                case ("vlansubnetdel") :
                    header_location("vlansubnetdel.php?vlan_id=" . $vlan_id);
                    break;
            }
            break;
    }
 }
 if (isset($_POST['add'])) {
    switch ($_POST['add']) {
        case ("asset") :
            $name = sanitize($_POST['asset_name']);
            $hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $info = sanitize($_POST['asset_info']);
            $intf = sanitize($_POST['asset_intf']);
            $asset_type = sanitize($_POST['asset_type']);
            $sql = "INSERT INTO asset
                        (asset_name, asset_hostname, assetclass_id, asset_info,
                         asset_intf, asset_type)
                    VALUE 
                        (?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $hostname, $assetclass_id, $info, $intf, $asset_type]);
            header_location("assetview.php?asset_id=" . $dbh->lastInsertId());
            break;
        case ("assetclass") :
            $assetclass_name = sanitize($_POST['assetclass_name']);
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
            $sql = "INSERT INTO assetclass
                          (assetclass_name, assetclassgroup_id)
                VALUE
                    (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$assetclass_name, $assetclassgroup_id]);
            header_location("assetclassview.php?assetclass_id=" . $dbh->lastInsertId());
            break;
        case ("assetclassgroup") :
            $name = sanitize($_POST['acg_name']);
            $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
            $desc = sanitize($_POST['acg_description']);
            $sql = "INSERT INTO assetclassgroup
                        (assetclassgroup_name, assetclassgroup_color, assetclassgroup_description)
                    VALUE
                        (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $color, $desc]);
            header_location("assetclassgroupview.php?assetclassgroup_id=" . $dbh->lastInsertId());
            break;
        case ("assignnodetoasset") :
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $asset_id = sanitize($_POST['asset_id']);
            $node_mac = strip_mac(sanitize($_POST['node_mac']));
            if ((!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix'])) ? $node_dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $node_dns1 = sanitize($_POST['node_dns1']));
            if ((!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) ? $node_dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $node_dns2 = sanitize($_POST['node_dns2']));
            $node_info = $_POST['node_info'];
            $sql = "INSERT INTO node (
                        node_ip,
                        node_mac,
                        node_dns1,
                        node_dns2,
                        subnet_id,
                        asset_id,
                        node_info)
                    VALUE
                        (?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$node_ip, $node_mac, $node_dns1, $node_dns2,
                           $subnet_id, $asset_id, $node_info]);
            header_location("nodeview.php?node_id=" . $dbh->lastInsertId());
            break;
        case ("assignlocationtosubnet") :
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $sql = "INSERT INTO subnetlocation (location_id, subnet_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_id, $subnet_id]);
            header_location("Location: location.php?location_id=" . $dbh->lastInsertId());
            break;
        case ("assignsubnettovlan") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $sql = "UPDATE subnet SET vlan_id=? WHERE subnet_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_id, $subnet_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;
        case ("location") :
            $name = sanitize($_POST['location_name']);
            $parent = sanitize($_POST['location_parent']);
            $info = sanitize($_POST['location_info']);
            $sql = "INSERT INTO location (
                        location_name, location_parent, location_info
                    )
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $parent, $info]);
            header_location("locationview.php?location_id=" . $dbh->lastInsertId());
            break;
        case ("locationsubnet") :
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $sql = "INSERT INTO subnetlocation (location_id, subnet_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_id, $subnet_id]);
            header_location("locationview.php?location_id=" . $location_id);
            break;
        case ("nat") :
            $node_id_ext = sanitize($_POST['node_id_ext']);
            $node_id_int = sanitize($_POST['node_id_int']);
            $nat_type = sanitize($_POST['nat_type']);
            $sql = "INSERT INTO nat (nat_ext, nat_int, nat_type)
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$node_id_ext, $node_id_int, $nat_type]);
            header_location("nodeview.php?node_id=" . $node_id_ext);
            break;
        case ("node") :
            $asset_name = sanitize($_POST['asset_name']);
            $asset_hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $ip = sanitize($_POST['node_ip']);
            $mac = strip_mac(sanitize($_POST['node_mac']));
            if ((!empty($_POST['node_dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $dns1 = sanitize($_POST['node_dns1']));
            if ((!empty($_POST['node_dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $dns2 = sanitize($_POST['node_dns2']));
            $node_info = sanitize($_POST['node_info']);
            $subnet_id = $_POST['subnet_id'];
            $sql = "INSERT INTO asset (asset_name, asset_hostname, assetclass_id)
                       VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$asset_name, $asset_hostname, $assetclass_id]);
            $asset_id = $dbh->lastInsertId();
            $sql = "INSERT INTO node (
                        node_ip, node_mac, node_dns1, node_dns2, node_info,
                        subnet_id, asset_id
                    )
                    VALUE (?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$ip, $mac, $dns1, $dns2, $node_info, $subnet_id, $asset_id]);
            header_location("nodeview.php?node_id=" . $dbh->lastInsertId());
            break;
        case ("subnet") :
            $subnet_address= sanitize($_POST['subnet_address']);
            $subnet_mask = sanitize($_POST['subnet_mask']);
            $subnet_info = sanitize($_POST['subnet_info']);
            $sql = "INSERT INTO subnet (subnet_address, subnet_mask, subnet_info)
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_address, $subnet_mask, $subnet_info]);
            header_location("subnetview.php?subnet_id=" . $dbh->lastInsertId());
            break;
        case ("subnetlocation") :
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $sql = "INSERT INTO subnetlocation (location_id, subnet_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_id, $subnet_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;
        case ("subnetvlan") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_id, $vlan_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;
        case ("user") :
            $user_name = strtolower(sanitize($_POST['user_name']));
            $user_displayname = sanitize($_POST['user_displayname']);
            $user_password = md5(sanitize($_POST['user_password']));
            // check if username exists
            $sth = $dbh->prepare("SELECT COUNT(*) FROM user WHERE user_name=?");
            $sth->execute([$user_name]);
            if ($sth->fetchColumn() == 0) {
                $sql = "INSERT INTO user (user_name, user_displayname, user_pass)
                        VALUE (?, ?, ?)";
                $sth = $dbh->prepare($sql);
                $sth->execute([$user_name, $user_displayname, $user_password]);
                header_location("userview.php?user_id=" . $dbh->lastInsertId());
                break;
            }
            $comments = "usernameinuse";
            break;
        case ("vlan") :
            $vlan_name = sanitize($_POST['vlan_name']);
            $vlan_number = sanitize($_POST['vlan_number']);
            $vlan_info = sanitize($_POST['vlan_info']);
            $vlan_color = sanitize($_POST['vlan_color']);
            $sql = "INSERT INTO vlan (vlan_name, vlan_number, vlan_color, vlan_info)
                    VALUE (?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info]);
            header_location("vlanview.php?vlan_id=" . $dbh->lastInsertId());
            break;
        case ("vlansubnet") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_id, $vlan_id]);
            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;
        case ("zone") :
            $zone_origin = sanitize($_POST['zone_origin']);
            $zone_ttl_default = sanitize($_POST['zone_ttl_default']);
            $zone_soa = sanitize($_POST['zone_soa']);
            $zone_hostmaster = sanitize($_POST['zone_hostmaster']);
            $zone_refresh = sanitize($_POST['zone_refresh']);
            $zone_retry = sanitize($_POST['zone_retry']);
            $zone_expire = sanitize($_POST['zone_expire']);
            $zone_ttl = sanitize($_POST['zone_ttl']);
            $zone_serial = sanitize($_POST['zone_serial']);
            $zone_ns1 = sanitize($_POST['zone_ns1']);
            $zone_ns2 = sanitize($_POST['zone_ns2']);
            $zone_ns3 = sanitize($_POST['zone_ns3']);
            $zone_mx1 = sanitize($_POST['zone_mx1']);
            $zone_mx2 = sanitize($_POST['zone_mx2']);
            $zone_info = sanitize($_POST['zone_info']);
            $sql = "INSERT INTO zone (
                        zone_origin, zone_ttl_default, zone_soa, zone_hostmaster,
                        zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
                        zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info)
                    VALUE (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$zone_origin, $zone_ttl_default, $zone_soa, $zone_hostmaster,
                           $zone_refresh, $zone_retry, $zone_expire, $zone_ttl, $zone_serial,
                        $zone_ns1, $zone_ns2, $zone_ns3, $zone_mx1, $zone_mx2, $zone_info]);
            header_location("zoneview.php?zone_id=" . $dbh->lastInsertId());
            break;
    }
 }
 if (isset($_POST['del'])) {
    switch ($_POST['del']) {
        case ("asset") :
            $asset_id = sanitize($_POST['asset_id']);
            $sth = $dbh->prepare("DELETE FROM asset WHERE asset_id=?");
            $sth->execute([$asset_id]);
            $sth = $dbh->prepare("DELETE FROM node WHERE asset_id=?");
            $sth->execute([$asset_id]);
            header_location("asset.php");
            break;
        case ("assetclass") :
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $sth = $dbh->prepare("DELETE FROM assetclass WHERE assetclass_id=?");
            $sth->execute([$assetclass_id]);
            header_location("assetclass.php");
            break;
        case ("assetclassgroup") :
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
            $sth = $dbh->prepare("DELETE FROM assetclassgroup WHERE assetclassgroup_id=?");
            $sth->execute([$assetclassgroup_id]);
            header_location("assetclassgroup.php");
            break;
        case ("location") :
            $location_id = sanitize($_POST['location_id']);
            $sth = $dbh->prepare("DELETE FROM location WHERE location_id=?");
            $sth->execute([$location_id]);
            header_location("location.php");
            break;
        case ("locationsubnet") :
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
            $sth->execute([$location_id, $subnet_id]);
            header_location("locationview.php?location_id=" . $location_id);
            break;
        case ("nat") :
            $nat_id = sanitize($_POST['nat_id']);
            $node_id_ext = sanitize($_POST['node_id_ext']);
            $sth = $dbh->prepare("DELETE FROM nat WHERE nat_id=?");
            $sth->execute([$nat_id]);
            header_location("nodeview.php?node_id=" . $node_id_ext);
            break;
        case ("node") :
            $node_id = sanitize($_POST['node_id']);
            $sth = $dbh->prepare("DELETE FROM node WHERE node_id=?");
            $sth->execute([$node_id]);
            header_location("assetview.php?asset_id=" . $asset_id);
            break;
        case ("subnet") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $sth = $dbh->prepare("DELETE FROM subnet WHERE subnet_id=?");
            $sth->execute([$subnet_id]);
            $sth = $dbh->prepare("DELETE FROM node WHERE subnet_id=?");
            $sth->execute([$subnet_id]);
            header_location("subnet.php");
            break;
        case ("subnetlocation") :
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
            $sth->execute([$location_id, $subnet_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;
        case ("subnetvlan") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
            $sth->execute([$subnet_id, $vlan_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;
        case ("user") :
            $user_id = sanitize($_POST['user_id']);
            $sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
            $sth->execute([$user_id]);
            header_location("user.php");
            break;
        case ("vlan") :
            $vlan_id = sanitize($_POST['vlan_id']);
            $sth = $dbh->prepare("DELETE FROM vlan WHERE vlan_id=?");
            $sth->execute([$vlan_id]);
            header_location("vlan.php");
            break;
        case ("vlansubnet") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
            $sth->execute([$subnet_id, $vlan_id]);
            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;
        case ("zone") :
            $zone_id = sanitize($_POST['zone_id']);
            $sth = $dbh->prepare("DELETE FROM zone WHERE zone_id=?");
            $sth->execute([$zone_id]);
            header_location("zone.php");
            break;
    }
 }
 if (isset($_POST['edit'])) {
    switch ($_POST['edit']) {
        case ("asset") :
            $asset_id = sanitize($_POST['asset_id']);
            $asset_name = sanitize($_POST['asset_name']);
            $asset_info = sanitize($_POST['asset_info']);
            $asset_intf = sanitize($_POST['asset_intf']);
            $asset_hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $asset_type = sanitize($_POST['asset_type']);
            $sql = "UPDATE asset SET
                        asset_name=?, asset_info=?, asset_hostname=?,
                        assetclass_id=?, asset_intf=?, asset_type=?
                    WHERE asset_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$asset_name, $asset_info, $asset_hostname, 
                           $assetclass_id, $asset_intf, $asset_type,
                           $asset_id]);
            header_location("assetview.php?asset_id=" . $asset_id);
        case ("assetclass") :
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $assetclass_name = sanitize($_POST['assetclass_name']);
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
            $sql = "UPDATE assetclass SET
                        assetclass_name=?, assetclassgroup_id=?
                    WHERE assetclass_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$assetclass_name, $assetclassgroup_id, $assetclass_id]);
            header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
            break;
        case ("assetclassgroup") :
            $acg_id = sanitize($_POST['acg_id']);
            $acg_name = sanitize($_POST['acg_name']);
            $acg_desc = sanitize($_POST['acg_description']);
            $acg_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
            $sql = "UPDATE assetclassgroup SET
                        assetclassgroup_name=?, assetclassgroup_color=?, assetclassgroup_description=?
                    WHERE assetclassgroup_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$acg_name, $acg_color, $acg_desc, $acg_id]);
            header_location("assetclassgroupview.php?assetclassgroup_id=" . $acg_id);
            break;
        case ("location") :
            $location_id = sanitize($_POST['location_id']);
            $location_name = sanitize($_POST['location_name']);
            $location_info = sanitize($_POST['location_info']);
            $parentlocation_id = sanitize($_POST['parentlocation_id']);
            $sql = "UPDATE location SET
                        location_name=?, location_parent=?, location_info=?
                WHERE location_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_name, $parentlocation_id, $location_info, $location_id]);
            header_location("locationview.php?location_id=" . $location_id);
            break;
        case ("node") :
            $node_id = sanitize($_POST['node_id']);
            $asset_id = sanitize($_POST['asset_id']);
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $node_mac = strip_mac(sanitize($_POST['node_mac']));
            $node_dns1 = sanitize($_POST['node_dns1']);
            $node_dns2 = sanitize($_POST['node_dns2']);
            $node_info = sanitize($_POST['node_info']);
            $zone_id = sanitize($_POST['zone_id']);
            $sql = "UPDATE node SET
                        asset_id=?, node_ip=?, subnet_id=?, node_mac=?,
                        node_dns1=?, node_dns2=?, node_info=?, zone_id=?
                    WHERE node_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$asset_id, $node_ip, $subnet_id, $node_mac, 
                           $node_dns1, $node_dns2, $node_info, $zone_id,
                           $node_id]);
            header_location("nodeview.php?node_id=" . $node_id);
            break;
        case ("optionsdisplay") :
            $id = $_SESSION['suser_id'];
            $language = $_POST['user_language'];
            $imagesize = sanitize($_POST['user_imagesize']);
            $imagecount = sanitize($_POST['user_imagecount']);
            $mac = sanitize($_POST['user_mac']);
            $dateformat = sanitize($_POST['user_dateformat']);
            $dns1suffix = sanitize($_POST['user_dns1suffix']);
            $dns2suffix = sanitize($_POST['user_dns2suffix']);
            $tooltips = sanitize($_POST['user_tooltips']);
            $menu_assets = sanitize($_POST['user_menu_assets']);
            $menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
            $menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
            $menu_cables = sanitize($_POST['user_menu_cables']);
            $menu_locations = sanitize($_POST['user_menu_locations']);
            $menu_nodes = sanitize($_POST['user_menu_nodes']);
            $menu_subnets = sanitize($_POST['user_menu_subnets']);
            $menu_vlans = sanitize($_POST['user_menu_vlans']);
            $menu_zones = sanitize($_POST['user_menu_zones']);
            // construct menu set
            $menu = array();
            if ($menu_assets) $menu[] = 'asset';
            if ($menu_assetclasses) $menu[] = 'class';
            if ($menu_assetclassgroups) $menu[] = 'group';
            if ($menu_cables) $menu[] = 'cable';
            if ($menu_locations) $menu[] = 'location';
            if ($menu_nodes) $menu[] = 'node';
            if ($menu_subnets) $menu[] = 'subnet';
            if ($menu_vlans) $menu[] = 'vlan';
            if ($menu_zones) $menu[] = 'zone';
            $sql = "UPDATE user SET
                    user_language=?, user_imagesize=?, user_imagecount=?,
                    user_mac=?, user_dateformat=?, user_dns1suffix=?,
                    user_dns2suffix=?, user_tooltips=?, user_menu=?
                WHERE
                    user_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$language, $imagesize, $imagecount,
                           $mac, $dateformat, $dns1suffix,
                           $dns2suffix, $tooltips, implode(',', $menu),
                           $id]);
            $_SESSION['suser_language'] = $language;
            $_SESSION['suser_imagesize'] = $imagesize;
            $_SESSION['suser_imagecount'] = $imagecount;
            $_SESSION['suser_mac'] = $mac;
            $_SESSION['suser_dateformat'] = $dateformat;
            $_SESSION['suser_dns1suffix'] = $dns1suffix;
            $_SESSION['suser_dns2suffix'] = $dns2suffix;
            $_SESSION['suser_menu_assets'] = $menu_assets;
            $_SESSION['suser_menu_assetclasses'] = $menu_assetclasses;
            $_SESSION['suser_menu_assetclassgroups'] = $menu_assetclassgroups;
            $_SESSION['suser_menu_cables'] = $menu_cables;
            $_SESSION['suser_menu_locations'] = $menu_locations;
            $_SESSION['suser_menu_nodes'] = $menu_nodes;
            $_SESSION['suser_menu_subnets'] = $menu_subnets;
            $_SESSION['suser_menu_vlans'] = $menu_vlans;
            $_SESSION['suser_menu_zones'] = $menu_zones;
            $_SESSION['suser_tooltips'] = $tooltips;
            header_location("options.php");
            break;
        case ("optionspassword") :
            $user_id = $_SESSION['suser_id'];
            $currentpass = sanitize($_POST['user_currentpass']);
            $newpass1 = sanitize($_POST['user_newpass1']);
            $newpass2 = sanitize($_POST['user_newpass2']);
            $sth = $dbh->prepare("SELECT user_pass FROM user WHERE user_id=?");
            $sth->execute([$user_id]);
            $userpass = $sth->fetchColumn();;
            if (password_verify($currentpass, $userpass)) {
                if (!strcmp($newpass1, $newpass2)) {
                    $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
                    $newhash = password_hash($newpass1, PASSWORD_BCRYPT);
                    $sth->execute([$newhash, $user_id]);
                    header_location("options.php");
                }
            }
            // TODO generate errormessages here
            break;
        case ("subnet") :
            $subnet_id = sanitize($_POST['subnet_id']);
            $subnet_address= sanitize($_POST['subnet_address']);
            $subnet_proto_vers = sanitize($_POST['subnet_proto_vers']);
            $subnet_mask = sanitize($_POST['subnet_mask']);
            $subnet_dhcpstart = sanitize($_POST['subnet_dhcpstart']);
            $subnet_dhcpend = sanitize($_POST['subnet_dhcpend']);
            $subnet_ntp_server = sanitize($_POST['subnet_ntp_server']);
            $subnet_info = sanitize($_POST['subnet_info']);
            $sql = "UPDATE subnet SET
                        subnet_address=?, subnet_mask=?, subnet_dhcp_start=?,
                        subnet_dhcp_end=?, subnet_info=?, protocol_version=?,
                        ntp_server=?
                    WHERE subnet_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_address, $subnet_mask, $subnet_dhcpstart,
                           $subnet_dhcpend, $subnet_info, $subnet_proto_vers,
                           $subnet_ntp_server, $subnet_id]);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;
        case ("user") :
            $user_id = sanitize($_POST['user_id']);
            $user_name = sanitize($_POST['user_name']);
            $user_displayname = sanitize($_POST['user_displayname']);
            $user_realm = sanitize($_POST['user_realm']);
            // roles
            $role_add = sanitize($_POST['role_add']);
            $role_edit = sanitize($_POST['role_edit']);
            $role_delete = sanitize($_POST['role_delete']);
            $role_manage = sanitize($_POST['role_manage']);
            $role_admin = sanitize($_POST['role_admin']);
            // construct menu set
            $role = array();
            if ($role_add) $role[] = 'add';
            if ($role_edit) $role[] = 'edit';
            if ($role_delete) $role[] = 'delete';
            if ($role_manage) $role[] = 'manage';
            if ($role_admin) $role[] = 'admin';
            $sql = "UPDATE user SET
                        user_name=?, user_displayname=?, user_realm=?,
                        user_role=?
                    WHERE user_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$user_name ,$user_displayname, $user_realm,
                           implode(',', $role), $user_id]);
            header_location("userview.php?user_id=" . $user_id);
            break;
        case ("vlan") :
            $vlan_id = sanitize($_POST['vlan_id']);
            $vlan_name = sanitize($_POST['vlan_name']);
            $vlan_number = sanitize($_POST['vlan_number']);
            $vlan_info = sanitize($_POST['vlan_info']);
            $vlan_color = sanitize($_POST['vlan_color']);
            $sql = "UPDATE vlan SET vlan_name=?, vlan_number=?, vlan_color=?, vlan_info=? WHERE vlan_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info, $vlan_id]);
            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;
        case ("zone") :
            $id = sanitize($_POST['zone_id']);
            $origin = sanitize($_POST['zone_origin']);
            $ttl_default = sanitize($_POST['zone_ttl_default']);
            $soa = sanitize($_POST['zone_soa']);
            $hostmaster = sanitize($_POST['zone_hostmaster']);
            $refresh = sanitize($_POST['zone_refresh']);
            $retry = sanitize($_POST['zone_retry']);
            $expire = sanitize($_POST['zone_expire']);
            $ttl = sanitize($_POST['zone_ttl']);
            $serial = sanitize($_POST['zone_serial']);
            $ns1 = sanitize($_POST['zone_ns1']);
            $ns2 = sanitize($_POST['zone_ns2']);
            $ns3 = sanitize($_POST['zone_ns3']);
            $mx1 = sanitize($_POST['zone_mx1']);
            $mx2 = sanitize($_POST['zone_mx2']);
            $info = sanitize($_POST['zone_info']);
            $sql = "UPDATE zone SET
                        zone_origin=?, zone_ttl_default=?, zone_soa=?, zone_hostmaster=?,
                        zone_refresh=?, zone_retry=?, zone_expire=?, zone_ttl=?, zone_serial=?,
                        zone_ns1=?, zone_ns2=?, zone_ns3=?, zone_mx1=?, zone_mx2=?, zone_info=?
                    WHERE zone_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$origin, $ttl_default, $soa, $hostmaster, $refresh, $retry,
                           $expire, $ttl, $serial, $ns1, $ns2, $ns3, $mx1, $mx2, $info,
                           $id]);
            header_location("zoneview.php?zone_id=" . $zone_id);
            break;
    }
 }
 // still not redirected, check for error
 if(empty($comments)) {
    $comments = "error";
 }
 header_location("comments.php?comments=" . $comments);
 ?>
--- a/subnet.php
+++ b/subnet.php
@ -8,20 +8,741 @@ SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }
 // ========== ADDITIONAL ACTION DEFINITIONS ===================================
 define ('ACT_LOCATION_EDIT', 100);
 define ('ACT_LOCATION_ADD', 101);
 define ('ACT_LOCATION_DEL', 102);
 define ('ACT_VLAN_EDIT', 103);
 define ('ACT_VLAN_ADD', 104);
 define ('ACT_VLAN_DEL', 105);
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {
    case NULL: break;
    case 'add':   $action = ACT_ADD; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;
    case 'link':  $action = ACT_LINK; break;
    // Location
    case 'ledit': $action = ACT_LOCATION_EDIT; break;
    case 'ladd':  $action = ACT_LOCATION_ADD; break;
    case 'ldel':  $action = ACT_LOCATION_DEL; break;
    // VLAN
    case 'vedit': $action = ACT_VLAN_EDIT; break;
    case 'vadd':  $action = ACT_VLAN_ADD; break;
    case 'vdel':  $action = ACT_VLAN_DEL; break;
    case 'exec-ledit':
        if ($_POST['action'] == 'subnetlocationadd') {
            $action = ACT_LOCATION_ADD;
        } elseif ($_POST['action'] == 'subnetlocationdel') {
            $action = ACT_LOCATION_DEL;
        } else {
            $g_warning->Add('Invalid action: '. $_POST['action']);
        }
        break;
    case 'exec-ladd':
        $location_id = sanitize($_POST['location_id']);
        $sql = "INSERT INTO subnetlocation (location_id, subnet_id) VALUES (?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$location_id, $id]);
        $action = ACT_VIEW;
        break;
    case 'exec-ldel':
        $location_id = sanitize($_POST['location_id']);
        $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
        $sth->execute([$location_id, $id]);
        $g_message->Add('Removed link to location');
        $action = ACT_VIEW;
        break;
    case 'exec-vedit':
        if ($_POST['action'] == 'subnetvlanadd') {
            $action = ACT_VLAN_ADD;
        } elseif ($_POST['action'] == 'subnetvlandel') {
            $action = ACT_VLAN_DEL;
        } else {
            $g_warning->Add('Invalid action: '. $_POST['action']);
        }
        break;
    case 'exec-vadd':
        $vlan_id = sanitize($_POST['vlan_id']);
        $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id) VALUES (?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$id, $vlan_id]);
        $action = ACT_VIEW;
        break;
    case 'exec-vdel':
        $vlan_id = sanitize($_POST['vlan_id']);
        $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
        $sth->execute([$id, $vlan_id]);
        $g_message->Add('Removed link to vlan');
        $action = ACT_VIEW;
        break;        
    case 'insert':
        $address= sanitize($_POST['subnet_address']);
        $mask = sanitize($_POST['subnet_mask']);
        $info = sanitize($_POST['subnet_info']);
        $dhcp_start = sanitize($_POST['dhcp_start']);
        $dhcp_end = sanitize($_POST['dhcp_end']);
        $ntp_server = sanitize($_POST['ntp_server']);
        $sql = "INSERT INTO subnet (
                    subnet_address, subnet_mask, subnet_info,
                    subnet_dhcp_start, subnet_dhcp_end, ntp_server
                ) VALUES (
                    :address, :mask, :info,
                    :dhcp_start, :dhcp_end, :ntp_server
                )";
        $sth = $dbh->prepare($sql);
        $sth->bindValue(':address', $address, PDO::PARAM_STR);
        $sth->bindValue(':mask', $mask, PDO::PARAM_INT);
        $sth->bindValue(':dhcp_start', $dhcp_start, PDO::PARAM_STR);
        $sth->bindValue(':dhcp_end', $dhcp_end, PDO::PARAM_STR);
        $sth->bindValue(':ntp_server', $ntp_server, PDO::PARAM_STR);
        $sth->bindValue(':info', $info, PDO::PARAM_STR);
        $sth->execute();
        $id = $dbh->lastInsertId();
        // vlan if selected
        $vlan_id = intval(sanitize($_POST['vlan_id']));
        if ($vlan_id > 0) {
            $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id) VALUES (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$id, $vlan_id]);
        }
        $action = ACT_VIEW;
        break;
    case 'update':
        $address= sanitize($_POST['subnet_address']);
        $proto_vers = sanitize($_POST['subnet_proto_vers']);
        $mask = sanitize($_POST['subnet_mask']);
        $dhcp_start = sanitize($_POST['dhcp_start']);
        $dhcp_end = sanitize($_POST['dhcp_end']);
        $ntp_server = sanitize($_POST['ntp_server']);
        $info = sanitize($_POST['subnet_info']);
        $sql = "UPDATE subnet SET
                    subnet_address=?, subnet_mask=?, subnet_dhcp_start=?,
                    subnet_dhcp_end=?, subnet_info=?, protocol_version=?,
                    ntp_server=?
                WHERE subnet_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$address, $mask, $dhcp_start,
                       $dhcp_end, $info, $proto_vers,
                       $ntp_server, $id]);
        $action = ACT_VIEW;
        break;
    case 'delete':
        // TODO delete NAT 
        $sth = $dbh->prepare("DELETE FROM node WHERE subnet_id=?");
        $sth->execute([$id]);
        $count = $sth->rowCount();
        $g_message->Add("Deleted $count nodes");
        $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE subnet_id=?");
        $sth->execute([$id]);
        $count = $sth->rowCount();
        $g_message->Add("Deleted $count location links");
        $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=?");
        $sth->execute([$id]);
        $count = $sth->rowCount();
        $g_message->Add("Deleted $count vlan links");
        $sth = $dbh->prepare("DELETE FROM subnet WHERE subnet_id=?");
        $sth->execute([$id]);
        $g_message->Add("Deleted subnet");
        $action = ACT_DEFAULT;
        break;
    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
 }
 $smarty->assign("action", $action);
 // ========== ACTIONS END =====================================================
 $smarty->assign("scripts",'changetext.js');
 include("header.php");
 if ($action == ACT_DEFAULT):
 // ========== VARIANT: default behavior =======================================
 $sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask,
-        s.ntp_server, LEFT(s.subnet_info, 40) AS subnet_info,
+            s.ntp_server, 
-        CHAR_LENGTH(s.subnet_info) AS subnet_length,
+            CONCAT(LEFT(s.subnet_info, 50), IF(CHAR_LENGTH(s.subnet_info)>50,'...','')) AS subnet_info,
-        COUNT(node.subnet_id) AS node_counter
+            COUNT(node.subnet_id) AS node_counter
-    FROM subnet AS s LEFT JOIN node USING (subnet_id)
+        FROM subnet AS s LEFT JOIN node USING (subnet_id)
-    GROUP BY s.subnet_id
+        GROUP BY s.subnet_id
-    ORDER BY INET_ATON(s.subnet_address)";
+        ORDER BY INET_ATON(s.subnet_address)";
 $sth = $dbh->query($sql);
 $smarty->assign("subnets", $sth->fetchAll());
 $smarty->display("subnet.tpl");
-include("footer.php");
+elseif ($action == ACT_ADD):
-?>
+// ========== VARIANT: add record =============================================
 if((isset($_GET['vlan_id'])) ? $vlan_id = sanitize($_GET['vlan_id']) : $vlan_id = "");
 $smarty->assign("vlan_id", $vlan_id);
 $smarty->assign("vlan_options", db_get_options_vlan($lang['lang_option_none']));
 $smarty->display("subnetedit.tpl");
 elseif ($action == ACT_VIEW):
 // ========== VARIANT: view single record =====================================
 if(isset($_GET['page'])) {
    $page = sanitize($_GET['page']);
 }
 // subnet
 $sql = "SELECT s.subnet_id AS id, s.subnet_address AS address, s.subnet_mask AS mask,
            s.subnet_dhcp_start AS dhcp_start, s.subnet_dhcp_end AS dhcp_end,
            s.subnet_info AS info, s.protocol_version AS proto_vers,
            s.ntp_server,
            COUNT(n.subnet_id) AS node_counter
        FROM subnet AS s LEFT JOIN node AS n USING (subnet_id)
        WHERE s.subnet_id=? 
          AND ((n.node_flags IS NULL) OR (n.node_flags & 0x1 = 0))
        GROUP BY s.subnet_id";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $subnet = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("subnet", $subnet);
 // set counters
 $host_counter = pow(2, (32-$subnet->mask));
 $node_counter = $subnet->node_counter;
 $subnet_usedpercentage = round((($node_counter/($host_counter-2))*100), 1);
 $smarty->assign("node_counter", $node_counter);
 $smarty->assign("subnet_usedpercentage", $subnet_usedpercentage);
 $smarty->assign("config_color_unused", $config_color_unused);
 $smarty->assign("host_counter", $host_counter-2);
 $smarty->assign("free_counter", (($host_counter-2)-$node_counter));
 // subnet
 // split up the range
 $iprange = explode('.', $subnet->address);
 $iprange1 = $iprange[0];
 $iprange2 = $iprange[1];
 $iprange3 = $iprange[2];
 $iprange4 = $iprange[3];
 // create empty subnet-array
 $subnetdata = array();
 // determine range (Class A/B/C)
 if ($subnet->mask >= 24) {
    // Class C
    // fill subnet-array with addresses we want to see
    for($i=0; $i<$host_counter; $i++) {
        // build ip
        $ip = $iprange1 . '.' . $iprange2 . '.' . $iprange3 . '.' . ($iprange4+$i);
        // fill subnet-array
        $subnetdata[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . $iprange2 . '.' . $iprange3 .  '.' . ($iprange4+$i-1);
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    $smarty->assign("iprange3", $iprange3);
    $smarty->assign("iprange4", $iprange4);
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 255);
    $smarty->assign("subnetmask3", 255);
    $smarty->assign("subnetmask4", 256-$host_counter);
    // no pagination needed
    $smarty->assign("noselect", TRUE);
    $smarty->assign("one_select", FALSE);
    $smarty->assign("two_select", FALSE);
    // set displayed nodes
    $nodes_displayed = $host_counter;
 } else if ($subnet->mask >= 16) {
    // Class B
    // which part do we want to see?
    if ((empty($page)) ? $page = $subnet->address : $page = $page);
    $page = explode('.', $page);
    $page2 = $page[2];
    // fill subnet-array with addresses we want to see
    for($i=0; $i<256; $i++) {
        // build ip
        $ip = $iprange1 . '.' . $iprange2 . '.' . $page2 .  '.' . $i;
        // fill subnet-array
        $subnetdata[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . $iprange2 . '.' . ($iprange3+$i-1) .  '.255';
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    // loop addresses in range3
    for ($i=$iprange3; $i<(pow(2,(32-$subnet->mask))/256); $i++) {
        // send to tpl
        $smarty->assign("iprange3", $i);
        $smarty->assign("iprange4", 0);
        // set select box
        if ($i == $page2) {
            $smarty->assign("row_selected", "selected");
        } else {
            $smarty->assign("row_selected", "");
        }
    }
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 255);
    $smarty->assign("subnetmask3", 256-($host_counter/256));
    $smarty->assign("subnetmask4", 0);
    // one select box
    $smarty->assign("noselect", FALSE);
    $smarty->assign("one_select", TRUE);
    $smarty->assign("two_select", FALSE);
    // set displayed nodes
    $nodes_displayed = 256;
 } else {
    // Class A
    // which part do we want to see?
    if ((empty($page)) ? $page = $subnet->address : $page = $page);
    $page = explode('.', $page);
    $page2 = $page[1];
    $page3 = $page[2];
    // fill subnet-array with addresses we want to see
    for($i=0; $i<256; $i++) {
        // build ip
        $ip = $iprange1 . '.' . $page2 . '.' . $page3 .  '.' . $i;
        // fill subnet-array
        $subnetdata[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . ($iprange2+$i-1) . '.255.255';
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    // loop addresses in range 2
    for ($i=$iprange2; $i<(pow(2,(24-$subnet->mask))/256); $i++) {
        // send to tpl
        $smarty->assign("iprange1", $iprange1);
        $smarty->assign("iprange2", $i);
        $smarty->assign("iprange3", $page3);
        $smarty->assign("iprange4", $iprange4);
        // set select box
        if($i == $page2) {
            $smarty->assign("row1_selected", "selected");
        } else {
            $smarty->assign("row1_selected", "");
        }
    }
    // loop addresses in range 3
    for ($i=0; $i<256; $i++) {
        // send to tpl
        $smarty->assign("iprange1", $iprange1);
        $smarty->assign("iprange2", $page2);
        $smarty->assign("iprange3", $i);
        $smarty->assign("iprange4", $iprange4);
        // set select box
        if($i==$page3) {
            $smarty->assign("row2_selected", "selected");
        } else {
            $smarty->assign("row2_selected", "");
        }
    }
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 256-($host_counter/65536));
    $smarty->assign("subnetmask3", 0);
    $smarty->assign("subnetmask4", 0);
    // one select box
    $smarty->assign("noselect", FALSE);
    $smarty->assign("one_select", FALSE);
    $smarty->assign("two_select", TRUE);
    // set displayed nodes
    $nodes_displayed = 256;
 }
 // get nodes for this subnetview and implement the values into the array
 // TODO this is very bad SQL
 /*$sql = "SELECT a.asset_name, g.assetclassgroup_color, n.node_id, n.node_ip
        FROM
            asset AS a,
            assetclass AS c,
            assetclassgroup AS g,
            node AS n
    WHERE
        n.node_ip IN ('".implode("','",array_keys($subnetdata))."')
        AND n.subnet_id=?
        AND a.asset_id=n.asset_id
        AND c.assetclass_id=a.assetclass_id
        AND g.assetclassgroup_id=c.assetclassgroup_id"; */
 $sql = "SELECT
            a.asset_name, g.assetclassgroup_color, n.node_id, n.node_ip
        FROM node AS n
            LEFT JOIN asset AS a USING (asset_id)
            LEFT JOIN assetclass AS c USING (assetclass_id)
            LEFT JOIN assetclassgroup AS g USING (assetclassgroup_id)
        WHERE n.subnet_id=:subnet_id
          AND ((n.node_flags IS NULL) OR (n.node_flags & 0x1 = 0))
          AND INET_ATON(n.node_ip) BETWEEN :ipfrom AND :ipto";
 // Debug $smarty->assign("sql",array_key_first($subnetdata) .  " - " . array_key_last($subnetdata) );
 $sth = $dbh->prepare($sql);
 $sth->bindValue(':ipfrom', ip2long(array_key_first($subnetdata)), PDO::PARAM_INT);
 $sth->bindValue(':ipto', ip2long(array_key_last($subnetdata)), PDO::PARAM_INT);
 $sth->bindValue(':subnet_id', $id, PDO::PARAM_INT);
 $sth->execute();
 $nodes = $sth->fetchAll();
 $smarty->assign("nodes", $nodes);
 if (count($nodes) > 0) {
    foreach ($nodes AS $node) {
        $subnetdata[$node['node_ip']] = $node;
    }
 }
 // replace ip's in subnet-array (if necessary)
 // check for subnet address
 if (array_key_exists($subnet->address, $subnetdata)) {
    // replace
    $subnetdata[$subnet->address] = array("subnet_address");
 }
 // check for broadcast address
 if (array_key_exists($broadcast_address, $subnetdata)) {
    // replace
    $subnetdata[$broadcast_address] = array("broadcast_address");
 }
 $dhcpstart = 0;
 if ($subnet->dhcp_start && $subnet->dhcp_end) {
    $dhcpstart = ip2long($subnet->dhcp_start);
    $dhcpend = ip2long($subnet->dhcp_end);
 }
        // loop subnet-array and send to template
            // start counter
 //            $i=1;
            // loop subnet-array
 foreach ($subnetdata AS $node_ip => $node) {
 // make new line?
 //   if(($i%$_SESSION['suser_imagecount']==0 && $i!=$nodes_displayed) ? $tr="</tr><tr>" : $tr="");
    // check if node-ip in DHCP-area
    $subnetdata[$node_ip]["dynamic"] = false;
    if ($dhcpstart > 0) {
        $ipval = ip2long($node_ip);
        if (($ipval >= $dhcpstart) and ($ipval <= $dhcpend)) {
            $subnetdata[$node_ip]["dynamic"] = true;
        }
    }
    // check node
    if (empty($node)) {
        // empty node to tpl
        $subnetdata[$node_ip]["url"] = 'subnet.php?f=link&id=' . $id . '&amp;node_ip='. $node_ip;
        $subnetdata[$node_ip]["remotetext"] = $node_ip;
        if ($subnetdata[$node_ip]["dynamic"]) {
            $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_dynamic;
        } else {
            $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_unused;
        }
    } else if (array_key_exists(0, $node) && $node[0]=="subnet_address") {
       // subnet address to tpl
        $subnetdata[$node_ip]["url"] = "";
        $subnetdata[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $lang['lang_subnet_subnetaddress'];
        $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
    } else if (array_key_exists(0, $node) && $node[0]=="broadcast_address") {
        // broadcast address to tpl
        $subnetdata[$node_ip]["url"] = "";
        $subnetdata[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $lang['lang_subnet_broadcastaddress'];
        $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
    } else {
        // node to tpl
        $subnetdata[$node_ip]["url"] = 'node.php?f=view&id=' . $node['node_id'];
        $subnetdata[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $node['asset_name'];
        $subnetdata[$node_ip]["assetclassgroup_color"] = $node['assetclassgroup_color'];
    }
    // update counter
    //   $i++;
 } // foreach
 $smarty->assign("subnetdata", $subnetdata);
 $smarty->assign("imagewrap", $_SESSION['suser_imagecount']);
 // vlans
 $sql = "SELECT v.vlan_id AS id, v.vlan_name AS name,
              v.vlan_number AS number
        FROM subnetvlan AS s JOIN vlan AS v USING (vlan_id)
        WHERE s.subnet_id=?
        ORDER BY v.vlan_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("vlans", $sth->fetchAll());
 // locations
 $sql = "SELECT l.location_id, l.location_name
        FROM location AS l LEFT JOIN subnetlocation AS s USING (location_id)
        WHERE s.subnet_id=?
        ORDER BY l.location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("locations", $sth->fetchAll());
 // assetclasses with color from assetclassgroup
 $sql = "SELECT assetclass_id AS id, assetclass_name AS name,
            assetclassgroup_color AS color, COUNT(node_id) AS counter
        FROM node LEFT JOIN asset USING (asset_id) 
                  LEFT JOIN assetclass USING (assetclass_id)
                  LEFT JOIN assetclassgroup USING (assetclassgroup_id)
        WHERE subnet_id=?
          AND ((node.node_flags IS NULL) OR (node.node_flags & 0x1 = 0))
        GROUP BY assetclass_id
        ORDER BY assetclass_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("assetclasses", $sth->fetchAll());
 $smarty->display("subnetview.tpl");
 elseif ($action == ACT_EDIT):
 // ========== VARIANT: edit single record =====================================
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask,
            protocol_version AS proto_vers, subnet_dhcp_start AS dhcp_start,
            subnet_dhcp_end AS dhcp_end, ntp_server, subnet_info AS info
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("subnetedit.tpl");
 elseif ($action == ACT_DELETE):
 // ========== VARIANT: delete record ==========================================
 // subnet
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // node		
 $sql = "SELECT node_id AS id, node_ip AS ip
        FROM node
        WHERE subnet_id=?
        ORDER BY INET_ATON(node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("nodes", $sth->fetchAll());
 $smarty->display("subnetdel.tpl");
 elseif ($action == ACT_LINK):
 // ========== VARIANT: link IP to node ========================================
 // assigniptonode
 $node_ip = sanitize($_GET['node_ip']);
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask 
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("node_ip", $node_ip);
 $smarty->display("assigniptonode.tpl");
 elseif ($action == ACT_LOCATION_EDIT):
 // ========== VARIANT: subnet to location =====================================
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("subnetlocationedit.tpl");
 elseif ($action == ACT_LOCATION_ADD):
 // ========== VARIANT: subnet to location =====================================
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("location_options", db_get_options_location());
 $smarty->display("subnetlocationadd.tpl");
 elseif ($action == ACT_LOCATION_DEL):
 // ========== VARIANT: subnet to location =====================================
 // subnet
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // locations for subnet
 $sql = "SELECT l.location_id, l.location_name
        FROM subnetlocation AS s LEFT JOIN location AS l USING (location_id)
        WHERE s.subnet_id=?
        ORDER BY l.location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $records = $sth->fetchAll();
 $locations = array();
 foreach ($records as $rec) {
    $locations[$rec['location_id']] = $rec['location_name'];
 }
 $smarty->assign("location_options", $locations);
 $smarty->display("subnetlocationdel.tpl");
 elseif ($action == ACT_VLAN_EDIT):
 // ========== VARIANT: subnet to vlan =========================================
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("subnetvlanedit.tpl");
 elseif ($action == ACT_VLAN_ADD):
 // ========== VARIANT: subnet to vlan =========================================
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // vlan
 $sql = "SELECT vlan_id, vlan_number, vlan_name
        FROM vlan
        WHERE vlan_id NOT IN (
 	    SELECT vlan_id FROM subnetvlan WHERE subnet_id=?
 	)
        ORDER BY vlan_number";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $vlans = $sth->fetchAll();
 foreach ($vlans as $vlan) {
    $vlan_options[$vlan['vlan_id']] =  $vlan['vlan_name'] . ' (' . $vlan['vlan_number']. ')';
 }
 $smarty->assign("vlan_options", $vlan_options);
 $smarty->display("subnetvlanadd.tpl");
 elseif ($action == ACT_VLAN_DEL):
 // ========== VARIANT: subnet to vlan =========================================
 // subnet
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // vlan
 $sql = "SELECT v.vlan_id, v.vlan_number, v.vlan_name
        FROM subnetvlan AS s LEFT JOIN vlan AS v USING (vlan_id)
        WHERE s.subnet_id=?
        ORDER BY v.vlan_number";
 $sth = $dbh->prepare($sql);
 $sth->execute([$id]);
 $vlans = $sth->fetchAll();
 foreach ($vlans as $vlan) {
    $vlan_options[$vlan['vlan_id']] =  $vlan['vlan_name'] . ' (' . $vlan['vlan_number']. ')';
 }
 $smarty->assign("vlan_options", $vlan_options);
 $smarty->display("subnetvlandel.tpl");
 else:
 // ========== ERROR UNKNOWN VARIANT ===========================================
 echo "<p>Unknown function call: Please report to system development!</p>\n";
 endif; // $action == ...
 // ========== END OF VARIANTS =================================================
 $smarty->display('footer.tpl');
--- a/subnetadd.php
+++ b/subnetadd.php
@ -1,21 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 if((isset($_GET['vlan_id'])) ? $vlan_id = sanitize($_GET['vlan_id']) : $vlan_id = "");
 include("header.php");
 $smarty->assign("vlan_options", db_get_options_vlan($lang['lang_option_none']));
 $smarty->display("subnetadd.tpl");
 include("footer.php");
 ?>
--- a/subnetdel.php
+++ b/subnetdel.php
@ -1,36 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 // subnet
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // node		
 $sql = "SELECT node_id AS id, node_ip AS ip
        FROM node
        WHERE subnet_id=?
        ORDER BY INET_ATON(node_ip)";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("nodes", $sth->fetchAll());
 $smarty->display("subnetdel.tpl");
 include("footer.php");
 ?>
--- a/subnetedit.php
+++ b/subnetedit.php
@ -1,29 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask,
            protocol_version AS proto_vers, subnet_dhcp_start AS dhcp_start,
            subnet_dhcp_end AS dhcp_end, ntp_server, subnet_info AS info
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("subnetedit.tpl");
 include("footer.php");
 ?>
--- a/subnetlocationadd.php
+++ b/subnetlocationadd.php
@ -1,28 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->assign("location_options", db_get_options_location());
 $smarty->display("subnetlocationadd.tpl");
 include("footer.php");
 ?>
--- a/subnetlocationdel.php
+++ b/subnetlocationdel.php
@ -1,42 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 // subnet
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // locations for subnet
 $sql = "SELECT l.location_id, l.location_name
        FROM subnetlocation AS s LEFT JOIN location USING (location_id)
        WHERE s.subnet_id=?
        ORDER BY l.location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]
 $records = $sth->fetchAll();
 $locations = array();
 foreach ($records as $rec) {
    $locations[$rec['location_id']] = $rec['location_name'];
 }
 $smarty->assign("location_options", $locations);
 $smarty->display("subnetlocationdel.tpl");
 include("footer.php");
 ?>
--- a/subnetlocationedit.php
+++ b/subnetlocationedit.php
@ -1,27 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("subnetlocationedit.tpl");
 include("footer.php");
 ?>
--- a/subnetview.php
+++ b/subnetview.php
@ -1,364 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 if(isset($_GET['page'])) {
    $page = sanitize($_GET['page']);
 }
 $smarty->assign("scripts",'changetext.js');
 include("header.php");
 // subnet
 $sql = "SELECT
            s.subnet_id AS id, 
            s.subnet_address AS address,
            s.subnet_mask AS mask,
            s.subnet_dhcp_start AS dhcp_start,
            s.subnet_dhcp_end AS dhcp_end,
            s.subnet_info AS info,
            s.protocol_version AS proto_vers,
            s.ntp_server,
            COUNT(node.subnet_id) AS node_counter
        FROM
            subnet AS s LEFT JOIN node USING (subnet_id)
        WHERE
            s.subnet_id=?
        GROUP BY
            s.subnet_id";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $subnet = $sth->fetch(PDO::FETCH_OBJ);
 $smarty->assign("subnet", $subnet);
 // set counters
 $host_counter = pow(2, (32-$subnet->mask));
 $node_counter = $subnet->node_counter;
 $subnet_usedpercentage = round((($node_counter/($host_counter-2))*100), 1);
 $smarty->assign("node_counter", $node_counter);
 $smarty->assign("subnet_usedpercentage", $subnet_usedpercentage);
 $smarty->assign("config_color_unused", $config_color_unused);
 $smarty->assign("host_counter", $host_counter-2);
 $smarty->assign("free_counter", (($host_counter-2)-$node_counter));
 // subnet
 // split up the range
 $iprange = explode('.', $subnet->address);
 $iprange1 = $iprange[0];
 $iprange2 = $iprange[1];
 $iprange3 = $iprange[2];
 $iprange4 = $iprange[3];
 // create empty subnet-array
 $subnetdata = array();
 // determine range (Class A/B/C)
 if ($subnet->mask >= 24) {
    // Class C
    // fill subnet-array with addresses we want to see
    for($i=0; $i<$host_counter; $i++) {
        // build ip
        $ip = $iprange1 . '.' . $iprange2 . '.' . $iprange3 . '.' . ($iprange4+$i);
        // fill subnet-array
        $subnetdata[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . $iprange2 . '.' . $iprange3 .  '.' . ($iprange4+$i-1);
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    $smarty->assign("iprange3", $iprange3);
    $smarty->assign("iprange4", $iprange4);
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 255);
    $smarty->assign("subnetmask3", 255);
    $smarty->assign("subnetmask4", 256-$host_counter);
    // no pagination needed
    $smarty->assign("noselect", TRUE);
    $smarty->assign("one_select", FALSE);
    $smarty->assign("two_select", FALSE);
    // set displayed nodes
    $nodes_displayed = $host_counter;
 } else if ($subnet->mask >= 16) {
    // Class B
    // which part do we want to see?
    if ((empty($page)) ? $page = $subnet->address : $page = $page);
    $page = explode('.', $page);
    $page2 = $page[2];
    // fill subnet-array with addresses we want to see
    for($i=0; $i<256; $i++) {
        // build ip
        $ip = $iprange1 . '.' . $iprange2 . '.' . $page2 .  '.' . $i;
        // fill subnet-array
        $subnetdata[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . $iprange2 . '.' . ($iprange3+$i-1) .  '.255';
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    // loop addresses in range3
    for ($i=$iprange3; $i<(pow(2,(32-$subnet->mask))/256); $i++) {
        // send to tpl
        $smarty->assign("iprange3", $i);
        $smarty->assign("iprange4", 0);
        // set select box
        if ($i == $page2) {
            $smarty->assign("row_selected", "selected");
        } else {
            $smarty->assign("row_selected", "");
        }
    }
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 255);
    $smarty->assign("subnetmask3", 256-($host_counter/256));
    $smarty->assign("subnetmask4", 0);
    // one select box
    $smarty->assign("noselect", FALSE);
    $smarty->assign("one_select", TRUE);
    $smarty->assign("two_select", FALSE);
    // set displayed nodes
    $nodes_displayed = 256;
 } else {
    // Class A
    // which part do we want to see?
    if ((empty($page)) ? $page = $subnet->address : $page = $page);
    $page = explode('.', $page);
    $page2 = $page[1];
    $page3 = $page[2];
    // fill subnet-array with addresses we want to see
    for($i=0; $i<256; $i++) {
        // build ip
        $ip = $iprange1 . '.' . $page2 . '.' . $page3 .  '.' . $i;
        // fill subnet-array
        $subnetdata[$ip] = array();
    }
    // calculate broadcast address
    $broadcast_address = $iprange1 . '.' . ($iprange2+$i-1) . '.255.255';
    // to tpl
    $smarty->assign("iprange1", $iprange1);
    $smarty->assign("iprange2", $iprange2);
    // loop addresses in range 2
    for ($i=$iprange2; $i<(pow(2,(24-$subnet->mask))/256); $i++) {
        // send to tpl
        $smarty->assign("iprange1", $iprange1);
        $smarty->assign("iprange2", $i);
        $smarty->assign("iprange3", $page3);
        $smarty->assign("iprange4", $iprange4);
        // set select box
        if($i == $page2) {
            $smarty->assign("row1_selected", "selected");
        } else {
            $smarty->assign("row1_selected", "");
        }
    }
    // loop addresses in range 3
    for ($i=0; $i<256; $i++) {
        // send to tpl
        $smarty->assign("iprange1", $iprange1);
        $smarty->assign("iprange2", $page2);
        $smarty->assign("iprange3", $i);
        $smarty->assign("iprange4", $iprange4);
        // set select box
        if($i==$page3) {
            $smarty->assign("row2_selected", "selected");
        } else {
            $smarty->assign("row2_selected", "");
        }
    }
    $smarty->assign("subnetmask1", 255);
    $smarty->assign("subnetmask2", 256-($host_counter/65536));
    $smarty->assign("subnetmask3", 0);
    $smarty->assign("subnetmask4", 0);
    // one select box
    $smarty->assign("noselect", FALSE);
    $smarty->assign("one_select", FALSE);
    $smarty->assign("two_select", TRUE);
    // set displayed nodes
    $nodes_displayed = 256;
 }
 // get nodes for this subnetview and implement the values into the array
 $sql = "SELECT a.asset_name, g.assetclassgroup_color, n.node_id, n.node_ip
        FROM
            asset AS a,
            assetclass AS c,
            assetclassgroup AS g,
            node AS n
    WHERE
        n.node_ip IN ('".implode("','",array_keys($subnetdata))."')
        AND n.subnet_id=?
        AND a.asset_id=n.asset_id
        AND c.assetclass_id=a.assetclass_id
        AND g.assetclassgroup_id=c.assetclassgroup_id";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $nodes = $sth->fetchAll();
 $smarty->assign("nodes", $nodes);
 if (count($nodes) > 0) {
    foreach ($nodes AS $node) {
        $subnetdata[$node['node_ip']] = $node;
    }
 }
 // replace ip's in subnet-array (if necessary)
 // check for subnet address
 if (array_key_exists($subnet->address, $subnet)) {
    // replace
    $subnetdata[$subnet->address] = array("subnet_address");
 }
 // check for broadcast address
 if (array_key_exists($broadcast_address, $subnet)) {
    // replace
    $subnetdata[$broadcast_address] = array("broadcast_address");
 }
 $dhcpstart = 0;
 if ($subnet->dhcp_start && $subnet->dhcp_end) {
    $dhcpstart = ip2long($subnet->dhcp_start);
    $dhcpend = ip2long($subnet->dhcp_end);
 }
        // loop subnet-array and send to template
            // start counter
 //            $i=1;
            // loop subnet-array
 foreach ($subnetdata AS $node_ip => $node) {
 // make new line?
 //   if(($i%$_SESSION['suser_imagecount']==0 && $i!=$nodes_displayed) ? $tr="</tr><tr>" : $tr="");
    // check if node-ip in DHCP-area
    $subnetdata[$node_ip]["dynamic"] = false;
    if ($dhcpstart > 0) {
        $ipval = ip2long($node_ip);
        if (($ipval >= $dhcpstart) and ($ipval <= $dhcpend)) {
            $subnetdata[$node_ip]["dynamic"] = true;
        }
    }
    // check node
    if (empty($node)) {
        // empty node to tpl
        $subnetdata[$node_ip]["url"] = 'assigniptonode.php?subnet_id=' . $subnet_id . '&amp;node_ip='. $node_ip;
        $subnetdata[$node_ip]["remotetext"] = $node_ip;
        if ($subnetdata[$node_ip]["dynamic"]) {
            $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_dynamic;
        } else {
            $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_unused;
        }
    } else if (array_key_exists(0, $node) && $node[0]=="subnet_address") {
       // subnet address to tpl
        $subnetdata[$node_ip]["url"] = "";
        $subnetdata[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $lang['lang_subnet_subnetaddress'];
        $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
    } else if (array_key_exists(0, $node) && $node[0]=="broadcast_address") {
        // broadcast address to tpl
        $subnetdata[$node_ip]["url"] = "";
        $subnetdata[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $lang['lang_subnet_broadcastaddress'];
        $subnetdata[$node_ip]["assetclassgroup_color"] = $config_color_blocked;
    } else {
        // node to tpl
        $subnetdata[$node_ip]["url"] = 'nodeview.php?node_id=' . $node['node_id'];
        $subnetdata[$node_ip]["remotetext"] = $node_ip . '&nbsp;' . $node['asset_name'];
        $subnetdata[$node_ip]["assetclassgroup_color"] = $node['assetclassgroup_color'];
    }
    // update counter
    //   $i++;
 } // foreach
 $smarty->assign("subnetdata", $subnetdata);
 $smarty->assign("imagewrap", $_SESSION['suser_imagecount']);
 // vlans
 $sql = "SELECT v.vlan_id AS id, v.vlan_name AS name,
              v.vlan_number AS number
        FROM subnetvlan AS s JOIN vlan AS v USING (vlan_id)
        WHERE s.subnet_id=?
        ORDER BY v.vlan_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("vlans", $sth->fetchAll());
 // locations
 $sql = "SELECT l.location_id, l.location_name
        FROM location AS l LEFT JOIN subnetlocation AS s USING (location_id)
        WHERE s.subnet_id=?
        ORDER BY l.location_name";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("locations", $sth->fetchAll());
 // assetclassgroups
 $sql = "SELECT
        assetclassgroup_id AS id,
        assetclassgroup_name AS name,
        assetclassgroup_color  AS color,
        COUNT(assetclass_id) AS counter
    FROM subnet
        LEFT JOIN node USING (subnet_id)
        LEFT JOIN asset USING (asset_id)
        LEFT JOIN assetclass USING (assetclass_id)
        LEFT JOIN assetclassgroup USING (assetclassgroup_id)
    WHERE subnet_id=?
    GROUP BY assetclass_id
    ORDER BY counter DESC";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("assetclassgroups", $sth->fetchAll());
 $smarty->display("subnetview.tpl");
 include("footer.php");
 ?>
--- a/subnetvlanadd.php
+++ b/subnetvlanadd.php
@ -1,43 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // vlan
 $sql = "SELECT vlan_id, vlan_number, vlan_name
        FROM vlan
        WHERE vlan_id NOT IN (
 	    SELECT vlan_id FROM subnetvlan WHERE subnet_id=?
 	)
        ORDER BY vlan_number";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $vlans = $sth->fetchAll();
 foreach ($vlans as $vlan) {
    $vlan_options[$vlan['vlan_id']] =  $vlan['vlan_name'] . ' (' . $vlan['vlan_number']. ')';
 }
 $smarty->assign("vlan_options", $vlan_options);
 $smarty->display("subnetvlanadd.tpl");
 include("footer.php");
 ?>
--- a/subnetvlandel.php
+++ b/subnetvlandel.php
@ -1,36 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 // subnet
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 // vlan
 $sql = "SELECT v.vlan_id, v.vlan_number, v.vlan_name
        FROM subnetvlan AS s LEFT JOIN vlan AS v USING (vlan_id)
        WHERE s.subnet_id=?
        ORDER BY v.vlan_number";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("vlans", $sth->fetchAll());
 $smarty->display("subnetvlandel.tpl");
 include("footer.php");
 ?>
--- a/subnetvlanedit.php
+++ b/subnetvlanedit.php
@ -1,26 +0,0 @@
 <?php
 /*****************************************************************************
 IP Reg, a PHP/MySQL IPAM tool
 Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
 Copyright (C) 2011-2023 Thomas Hooge
 SPDX-License-Identifier: GPL-3.0-or-later
 *****************************************************************************/
 include("includes.php");
 $subnet_id = sanitize($_GET['subnet_id']);
 include("header.php");
 $sql = "SELECT subnet_id AS id, subnet_address AS address, subnet_mask AS mask
        FROM subnet
        WHERE subnet_id=?";
 $sth = $dbh->prepare($sql);
 $sth->execute([$subnet_id]);
 $smarty->assign("subnet", $sth->fetch(PDO::FETCH_OBJ));
 $smarty->display("subnetvlanedit.tpl");
 include("footer.php");
 ?>
--- a/tpl/asset.tpl
+++ b/tpl/asset.tpl
@ -6,7 +6,7 @@
    </td>
    <td align="right">
 {if $suser_add}
-        <a href="assetadd.php"><img src="image.php?icon=add" alt="{$lang_asset_add}" {if $suser_tooltips}title="{$lang_asset_add}" {/if}/></a>
+        <a href="asset.php?f=add"><img src="images/add.png" alt="{$lang_asset_add}" {if $suser_tooltips}title="{$lang_asset_add}" {/if}/></a>
 {/if}
    </td>
 </tr>
@ -16,7 +16,7 @@
 <tr>
 {foreach item=letter from=$alphabet}
    <td>
-        <a href="asset.php?asset_letter={$letter.asset_letter}">{$letter.asset_letter}</a>&nbsp;
+        <a href="asset.php?bst={$letter.bst}">{$letter.bst}</a>&nbsp;
    </td>
 {/foreach}
 </tr>
@ -37,10 +37,10 @@
 {foreach item=asset from=$assets}
 <tr>
    <td class="label">
-        <a href="assetview.php?asset_id={$asset.asset_id}">{$asset.asset_name}</a>
+        <a href="asset.php?f=view&id={$asset.asset_id}">{$asset.asset_name}</a>
    </td>
    <td class="value">
-        <a href="assetclassview.php?assetclass_id={$asset.assetclass_id}">{$asset.assetclass_name}</a>
+        <a href="assetclass.php?f=view&id={$asset.assetclass_id}">{$asset.assetclass_name}</a>
    </td>
    <td class="value">
        {$asset.asset_info}
--- a/tpl/assetadd.tpl
+++ b/tpl/assetadd.tpl
@ -1,5 +1,4 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="asset.php">
 <input type="hidden" name="add" value="asset">
 <table class="title">
 <tr>
@ -7,8 +6,8 @@
        {$lang_asset_add}
    </td>
    <td align="right">
-        <a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
+        <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
-        <input type="image" src="image.php?icon=save" alt="{$lang_submit}" {if $suser_tooltips}title="{$lang_submit}" {/if}/>
+        <input type="image" name="submit[insert]" src="images/save.png" alt="{$lang_submit}" {if $suser_tooltips}title="{$lang_submit}" {/if}/>
    </td>
 </tr>
 </table>
@ -27,7 +26,7 @@
        {$lang_asset_name}
    </td>
    <td class="value">
-        <input type="text" name="asset_name">
+        <input type="text" name="asset_name" autofocus>
    </td>
 </tr>
 <tr>
@ -78,7 +77,7 @@
        {$lang_assetclass_name}
    </td>
    <td class="value">
-        {html_options name=assetclass_id options=$assetclass_options}
+        {html_options name=assetclass_id options=$assetclass_options selected=$assetclass_id}
    </td>
 </tr>
 </table>
--- a/tpl/assetclass.tpl
+++ b/tpl/assetclass.tpl
@ -6,7 +6,7 @@
    </td>
    <td align="right">
 {if $suser_add || $suser_admin}
-        <a href="assetclassadd.php"><img src="image.php?icon=add" alt="{$lang_assetclass_add}" {if $suser_tooltips}title="{$lang_assetclass_add}" {/if}/></a>
+        <a href="assetclass.php?f=add"><img src="images/brick_add.png" alt="{$lang_assetclass_add}" {if $suser_tooltips}title="{$lang_assetclass_add}" {/if}/></a>
 {/if}
    </td>
 </tr>
@ -20,15 +20,21 @@
    <td class="header">
        {$lang_assetclassgroup_name}
    </td>
    <td class="header">
        {$lang_assetclass_count}
    </td>
 </tr>
 {foreach item=assetclass from=$assetclasses}
 <tr>
    <td class="label">
-        <a href="assetclassview.php?assetclass_id={$assetclass.assetclass_id}">{$assetclass.assetclass_name}</a>
+        <a href="assetclass.php?f=view&id={$assetclass.id}">{$assetclass.name}</a>
    </td>
    <td class="value">
-        <img src="image.php?color={$assetclass.assetclassgroup_color}" alt="#{$assetclass.assetclassgroup_color}">
+        <img src="image.php?color={$assetclass.color}" alt="#{$assetclass.color}">
-        <a href="assetclassgroupview.php?assetclassgroup_id={$assetclass.assetclassgroup_id}">{$assetclass.assetclassgroup_name}</a>
+        <a href="assetclassgroup.php?f=view&id={$assetclass.group_id}">{$assetclass.group_name}</a>
    </td>
    <td class="label">
        {$assetclass.count_asset}
    </td>
 </tr>
 {foreachelse}
--- a/tpl/assetclassadd.tpl
+++ b/tpl/assetclassadd.tpl
@ -1,5 +1,4 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="assetclass.php">
 <input type="hidden" name="add" value="assetclass">
 <table class="title">
 <tr>
@ -7,8 +6,8 @@
        {$lang_assetclass_add}
    </td>
    <td align="right">
-        <a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
+        <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
-        <input type="image" src="image.php?icon=save" alt="{$lang_submit}" {if $suser_tooltips}title="{$lang_submit}" {/if}/>
+        <input type="image" name="submit[insert]" src="images/add.png" alt="{$lang_submit}" {if $suser_tooltips}title="{$lang_submit}" {/if}/>
    </td>
 </tr>
 </table>
@ -27,7 +26,15 @@
        {$lang_assetclass_name}
    </td>
    <td class="value">
-        <input type="text" name="assetclass_name">
+        <input type="text" name="assetclass_name" autofocus>
    </td>
 </tr>
 <tr>
    <td class="label">
        {$lang_assetclass_desc}
    </td>
    <td class="value">
        <input type="text" name="assetclass_description" size="60" maxlength="100">
    </td>
 </tr>
 </table>
--- a/tpl/assetclassdel.tpl
+++ b/tpl/assetclassdel.tpl
@ -1,6 +1,5 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="assetclass.php">
-<input type="hidden" name="del" value="assetclass">
+<input type="hidden" name="id" value="{$assetclass->id}">
 <input type="hidden" name="assetclass_id" value="{$assetclass->id}">
 <table  class="title">
 <tr>
@ -8,8 +7,8 @@
        {$lang_assetclass_del}
    </td>
    <td align="right">
-        <a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
+        <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
-        <input type="image" src="image.php?icon=shred" alt="{$lang_assetclass_del}" {if $suser_tooltips}title="{$lang_assetclass_del}" {/if}/>
+        <input type="image" name="submit[delete]" src="images/bin.png" alt="{$lang_assetclass_del}" {if $suser_tooltips}title="{$lang_assetclass_del}" {/if}/>
    </td>
 </tr>
 </table>
@ -28,7 +27,7 @@
        {$lang_assetclass_name}
    </td>
    <td class="value">
-        <a href="assetclassview.php?assetclass_id={$assetclass->id}">{$assetclass->name}</a>
+        <a href="assetclass.php?f=view&id={$assetclass->id}">{$assetclass->name}</a>
    </td>
 </tr>
 </table>
--- a/tpl/assetclassedit.tpl
+++ b/tpl/assetclassedit.tpl
@ -1,15 +1,15 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="assetclass.php">
-<input type="hidden" name="edit" value="assetclass">
+<input type="hidden" name="id" value="{$assetclass->id}">
 <input type="hidden" name="assetclass_id" value="{$assetclass->id}">
 <table class="title">
 <tr>
    <td class="header">
-        {$assetclass->name}
+        <img class="icon" src="images/brick.png" alt="" />
        {$lang_assetclass_edit} : {$assetclass->name}
    </td>
    <td align="right">
-        <a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
+        <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
-        <input type="image" src="image.php?icon=save" alt="{$lang_submit}" {if $suser_tooltips}title="{$lang_submit}" {/if}/>
+        <input type="image" name="submit[update]" src="images/save.png" alt="{$lang_save}" {if $suser_tooltips}title="{$lang_save}" {/if}/>
    </td>
 </tr>
 </table>
@ -31,6 +31,15 @@
        <input type="text" name="assetclass_name" value="{$assetclass->name}">
    </td>
 </tr>
 <tr>
    <td class="label">
        {$lang_assetclass_desc}
    </td>
    <td class="value">
        <input type="text" name="assetclass_description" size="60" maxlength="100" value="{$assetclass->description}">
    </td>
 </tr>
 </table>
 <table class="info">
@ -47,7 +56,7 @@
        {$lang_assetclassgroup}
    </td>
    <td class="value">
-        {html_options name=assetclassgroup_id options=$assetclassgroup_options selected=$assetclassgroup_id}
+        {html_options name=assetclassgroup_id options=$assetclassgroup_options selected=$assetclass->group_id}
    </td>
 </tr>
 </table>
--- a/tpl/assetclassgroup.tpl
+++ b/tpl/assetclassgroup.tpl
@ -6,7 +6,7 @@
    </td>
    <td align="right">
 {if $suser_add || $suser_admin}
-        <a href="assetclassgroupadd.php"><img src="image.php?icon=add" alt="{$lang_assetclassgroup_add}" {if $suser_tooltips}title="{$lang_assetclassgroup_add}" {/if}/></a>
+        <a href="assetclassgroup.php?f=add"><img src="images/add.png" alt="{$lang_assetclassgroup_add}"{if $suser_tooltips} title="{$lang_assetclassgroup_add}"{/if}></a>
 {/if}
    </td>
 </tr>
@ -20,20 +20,26 @@
    <td class="header">
        {$lang_description}
    </td>
    <td class="header">
        {$lang_assetclassgroup_count}
    </td>
 </tr>
 {foreach item=acg from=$assetclassgroups}
 <tr>
    <td class="label">
        <img src="image.php?color={$acg.color}" alt="#{$acg.color}">
-        <a href="assetclassgroupview.php?assetclassgroup_id={$acg.id}">{$acg.name}</a>
+        <a href="assetclassgroup.php?f=view&id={$acg.id}">{$acg.name}</a>
    </td>
    <td>
        {$acg.description}
    </td>
    <td>
        {$acg.count_class}
    </td>
 </tr>
 {foreachelse}
 <tr>
-    <td colspan="2">
+    <td colspan="3">
        {$lang_assetclassgroup_none}
    </td>
 </tr>
--- a/tpl/assetclassgroupadd.tpl
+++ b/tpl/assetclassgroupadd.tpl
@ -1,5 +1,4 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="assetclassgroup.php">
 <input type="hidden" name="add" value="assetclassgroup">
 <table class="title">
 <tr>
@ -7,8 +6,8 @@
        {$lang_assetclassgroup_add}
    </td>
    <td align="right">
-        <a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
+        <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
-        <input type="image" src="image.php?icon=save" alt="{$lang_submit}" {if $suser_tooltips}title="{$lang_submit}" {/if}/>
+        <input type="image" name="submit[insert]" src="images/save.png" alt="{$lang_submit}" {if $suser_tooltips}title="{$lang_submit}" {/if}/>
    </td>
 </tr>
 </table>
@ -27,7 +26,7 @@
        {$lang_assetclassgroup_name}
    </td>
    <td class="value">
-        <input type="text" name="acg_name">
+        <input type="text" name="acg_name" autofocus>
    </td>
 </tr>
 <tr>
@ -47,4 +46,5 @@
    </td>
 </tr>
 </table>
 </form>
--- a/tpl/assetclassgroupdel.tpl
+++ b/tpl/assetclassgroupdel.tpl
@ -1,6 +1,5 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="assetclassgroup.php">
-<input type="hidden" name="del" value="assetclassgroup">
+<input type="hidden" name="id" value="{$assetclassgroup->id}">
 <input type="hidden" name="assetclassgroup_id" value="{$assetclassgroup->id}">
 <table class="title">
 <tr>
@ -8,14 +7,12 @@
        {$assetclassgroup->name}
    </td>
    <td align="right">
-        <a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
+        <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
-        <input type="image" src="image.php?icon=save" alt="{$lang_submit}" {if $suser_tooltips}title="{$lang_submit}" {/if}/>
+        <input type="image" name="submit[delete]" src="images/bin.png" alt="{$lang_del}"{if $suser_tooltips} title="{$lang_assetclassgroup_del}"{/if} />
    </td>
 </tr>
 </table>
 <p>
 <table class="info">
 <tr>
    <td class="header">
@ -30,7 +27,7 @@
        {$lang_assetclassgroup_name}
    </td>
    <td class="value">
-        <a href="assetclassgroupview.php?assetclassgroup_id={$assetclassgroup->id}">{$assetclassgroup->name}</a>
+        <a href="assetclassgroup.php?f=view&id={$assetclassgroup->id}">{$assetclassgroup->name}</a>
    </td>
 </tr>
 </table>
--- a/tpl/assetclassgroupedit.tpl
+++ b/tpl/assetclassgroupedit.tpl
@ -1,15 +1,15 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="assetclassgroup.php">
-<input type="hidden" name="edit" value="assetclassgroup">
+<input type="hidden" name="id" value="{$assetclassgroup->id}">
 <input type="hidden" name="acg_id" value="{$assetclassgroup->id}">
 <table class="title">
 <tr>
    <td class="header">
-        {$assetclassgroup->name}
+        <img class="icon" src="images/bricks.png" alt="" />
        {$lang_assetclassgroup_edit} : {$assetclassgroup->name}
    </td>
    <td align="right">
-        <a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
+        <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
-        <input type="image" src="image.php?icon=save" alt="{$lang_submit}" {if $suser_tooltips}title="{$lang_submit}" {/if}/>
+        <input type="image" name="submit[update]" src="images/save.png" alt="{$lang_submit}" {if $suser_tooltips}title="{$lang_submit}" {/if}/>
    </td>
 </tr>
 </table>
--- a/tpl/assetclassgroupview.tpl
+++ b/tpl/assetclassgroupview.tpl
@ -6,13 +6,13 @@
    </td>
    <td align="right">
 {if $suser_add}
-        <a href="assetclassgroupadd.php?assetclassgroup_id={$assetclassgroup->id}"><img src="image.php?icon=add" alt="{$lang_assetclassgroup_add}" {if $suser_tooltips}title="{$lang_assetclassgroup_add}" {/if}/></a>
+        <a href="assetclassgroup.php?f=add&id={$assetclassgroup->id}"><img src="images/add.png" alt="{$lang_assetclassgroup_add}"{if $suser_tooltips} title="{$lang_assetclassgroup_add}"{/if}></a>
 {/if}
 {if $suser_edit}
-        <a href="assetclassgroupedit.php?assetclassgroup_id={$assetclassgroup->id}"><img src="image.php?icon=edit" alt="{$lang_assetclassgroup_edit}" {if $suser_tooltips}title="{$lang_assetclassgroup_edit}" {/if}/></a>
+        <a href="assetclassgroup.php?f=edit&id={$assetclassgroup->id}"><img src="images/edit.png" alt="{$lang_assetclassgroup_edit}"{if $suser_tooltips} title="{$lang_assetclassgroup_edit}"{/if}></a>
 {/if}
-{if $suser_del}
+{if $suser_delete}
-        <a href="assetclassgroupdel.php?assetclassgroup_id={$assetclassgroup->id}"><img src="image.php?icon=delete" alt="{$lang_assetclassgroup_del}" {if $suser_tooltips}title="{$lang_assetclassgroup_del}" {/if}/></a>
+        <a href="assetclassgroup.php?f=del&id={$assetclassgroup->id}"><img src="images/delete.png" alt="{$lang_assetclassgroup_del}"{if $suser_tooltips} title="{$lang_assetclassgroup_del}"{/if}></a>
 {/if}
    </td>
 </tr>
@ -32,7 +32,7 @@
            {$lang_assetclassgroup_name}
        </td>
        <td class="value">
-            <a href="assetclassgroupview.php?assetclassgroup_id={$assetclassgroup->id}">{$assetclassgroup->name}</a>
+            <a href="assetclassgroup.php?f=view&id={$assetclassgroup->id}">{$assetclassgroup->name}</a>
        </td>
    </tr>
    <tr>
@ -69,7 +69,7 @@
        </td>
        <td class="value">
        {foreach item=assetclass from=$assetclasses}
-            <a href="assetclassview.php?assetclass_id={$assetclass.assetclass_id}">{$assetclass.assetclass_name}</a><br>
+            <a href="assetclass.php?f=view&id={$assetclass.assetclass_id}">{$assetclass.assetclass_name}</a><br>
        {/foreach}
        </td>
    </tr>
--- a/tpl/assetclassview.tpl
+++ b/tpl/assetclassview.tpl
@ -6,13 +6,13 @@
    </td>
    <td align="right">
 {if $suser_add}
-        <a href="assetadd.php?assetclass_id={$assetclass->assetclass_id}"><img src="image.php?icon=add" alt="{$lang_asset_add}" {if $suser_tooltips}title="{$lang_asset_add}" {/if}/></a>
+        <a href="assetclass.php?f=add"><img src="images/brick_add.png" alt="{$lang_asset_add}" {if $suser_tooltips}title="{$lang_assetclass_add}" {/if}/></a>
 {/if}
 {if $suser_edit}
-        <a href="assetclassedit.php?assetclass_id={$assetclass->assetclass_id}"><img src="image.php?icon=edit" alt="{$lang_assetclass_edit}" {if $suser_tooltips}title="{$lang_asset_edit}" {/if}/></a>
+        <a href="assetclass.php?f=edit&id={$assetclass->assetclass_id}"><img src="images/brick_edit.png" alt="{$lang_assetclass_edit}" {if $suser_tooltips}title="{$lang_assetclass_edit}" {/if}/></a>
 {/if}
-{if $suser_del}
+{if $suser_delete}
-        <a href="assetclassdel.php?assetclass_id={$assetclass->assetclass_id}"><img src="image.php?icon=delete" alt="{$lang_assetclass_add}" {if $suser_tooltips}title="{$lang_asset_delete}" {/if}/></a>
+        <a href="assetclass.php?f=del&id={$assetclass->assetclass_id}"><img src="images/brick_delete.png" alt="{$lang_assetclass_add}" {if $suser_tooltips}title="{$lang_assetclass_del}" {/if}/></a>
 {/if}
    </td>
 </tr>
@ -33,10 +33,18 @@
    </td>
    <td class="value">
 {if $suser_edit}
-        <a href="assetclassview.php?assetclass_id={$assetclass->assetclass_id}">{$assetclass->assetclass_name}</a>
+        <a href="assetclass.php?f=view&id={$assetclass->assetclass_id}">{$assetclass->assetclass_name}</a>
 {/if}
    </td>
 </tr>
 <tr>
    <td class="label">
        {$lang_assetclass_desc}
    </td>
    <td class="label_right">
        {$assetclass->assetclass_description}
    </td>
 </tr>
 </table>
 <table class="info">
@ -54,7 +62,7 @@
    </td>
    <td class="value">
        <img src="image.php?color={$assetclass->assetclassgroup_color}" alt="#{$assetclass->assetclassgroup_color}">
-        <a href="assetclassgroupview.php?assetclassgroup_id={$assetclass->assetclassgroup_id}">{$assetclass->assetclassgroup_name}</a><br>
+        <a href="assetclassgroup.php?f=view&id={$assetclass->assetclassgroup_id}">{$assetclass->assetclassgroup_name}</a><br>
    </td>
 </tr>
 </table>
@ -65,7 +73,9 @@
        {$lang_assets}
    </td>
    <td class="header_right">
-        &nbsp;
+{if $suser_add}
        <a href="asset.php?f=add&assetclass_id={$assetclass->assetclass_id}"><img src="images/add.png" alt="{$lang_asset_add}" {if $suser_tooltips}title="{$lang_asset_add}" {/if}/></a>
 {/if}       
    </td>
 </tr>
 <tr>
@ -74,7 +84,7 @@
    </td>
    <td class="value">
        {foreach item=asset from=$assets}
-        <a href="assetview.php?asset_id={$asset.asset_id}">{$asset.asset_name}</a>
+        <a href="asset.php?f=view&id={$asset.asset_id}">{$asset.asset_name}</a>
        {$asset.asset_info}
        <br>
        {/foreach}
--- a/tpl/assetdel.tpl
+++ b/tpl/assetdel.tpl
@ -1,6 +1,5 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="asset.php">
-<input type="hidden" name="del" value="asset">
+<input type="hidden" name="id" value="{$asset_id}">
 <input type="hidden" name="asset_id" value="{$asset_id}">
 <table class="title">
 <tr>
@ -8,8 +7,8 @@
        {$lang_asset_del}
    </td>
    <td align="right">
-        <a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
+        <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}" {if $suser_tooltips}title="{$lang_cancel}" {/if}/></a>
-        <input type="image" src="image.php?icon=shred" alt="{$lang_asset_del}" {if $suser_tooltips}title="{$lang_asset_del}" {/if}/>
+        <input type="image" name="submit[delete]" src="images/bin.png" alt="{$lang_asset_del}" {if $suser_tooltips}title="{$lang_asset_del}" {/if}/>
    </td>
 </tr>
 </table>
@ -29,7 +28,7 @@
        {$lang_asset_name}
    </td>
    <td class="value">
-        <a href="assetview.php?asset_id={$asset_id}">{$asset_name}</a>
+        <a href="asset.php?f=view&id={$asset_id}">{$asset_name}</a>
    </td>
 </tr>
 </table>
--- a/tpl/assetedit.tpl
+++ b/tpl/assetedit.tpl
@ -1,16 +1,15 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="asset.php">
-<input type="hidden" name="edit" value="asset">
+<input type="hidden" name="id" value="{$asset->asset_id}">
 <input type="hidden" name="asset_id" value="{$asset->asset_id}">
 <input type="hidden" name="assetclass_id" value="{$asset->assetclass_id}">
 <table class="title">
 <tr>
    <td class="header">
-        {$asset_name}
+        <img class="icon" src="images/asset.png" alt="" />
        {$lang_asset_edit} : {$asset->asset_name}
    </td>
    <td align="right">
-        <a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
+        <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}"></a>
-        <input type="image" src="image.php?icon=save" alt="{$lang_submit}">
+        <input type="image" name="submit[update]" src="images/save.png" alt="{$lang_submit}">
    </td>
 </tr>
 </table>
@ -85,4 +84,24 @@
 </tr>
 </table>
 {if $zabbix}
 <table class="info">
 <tr>
    <td class="header">
        Zabbix
    </td>
    <td class="header_right">
        &nbsp;
    </td>
 </tr>
 <tr>
    <td class="label">
        Host ID
    </td>
    <td class="value">
        <input type="text" size="8" name="x_zbx_host" value="{$refid}">
    </td>
 </tr>
 </table>
 {/if}
 </form>
--- a/tpl/assetview.tpl
+++ b/tpl/assetview.tpl
@ -6,13 +6,13 @@
    </td>
    <td align="right">
 {if $suser_add}
-        <a href="assignnodetoasset.php?asset_id={$asset->asset_id}"><img src="image.php?icon=add" alt="{$lang_assignnodetoasset}"></a>
+        <a href="assignnodetoasset.php?asset_id={$asset->asset_id}"><img src="images/add.png" alt="{$lang_assignnodetoasset}"{if $suser_tooltips} title="{$lang_nat_edit}"{/if}></a>
 {/if}
 {if $suser_edit}
-        <a href="assetedit.php?asset_id={$asset->asset_id}"><img src="image.php?icon=edit" alt="{$lang_asset_edit}"></a>
+        <a href="asset.php?f=edit&id={$asset->asset_id}"><img src="images/edit.png" alt="{$lang_asset_edit}"{if $suser_tooltips} title="{$lang_nat_edit}"{/if}></a>
 {/if}
-{if $suser_del}
+{if $suser_delete}
-        <a href="assetdel.php?asset_id={$asset->asset_id}"><img src="image.php?icon=delete" alt="{$lang_asset_edit}"></a>
+        <a href="asset.php?f=del&id={$asset->asset_id}"><img src="images/delete.png" alt="{$lang_asset_del}"{if $suser_tooltips} title="{$lang_asset_del}"{/if}></a>
 {/if}
    </td>
 </tr>
@ -32,7 +32,7 @@
            {$lang_asset_name}
        </td>
        <td class="value">
-            <a href="assetview.php?asset_id={$asset->asset_id}">{$asset->asset_name}</a>
+            <a href="asset.php?f=view&id={$asset->asset_id}">{$asset->asset_name}</a>
        </td>
    </tr>
    <tr>
@ -84,7 +84,7 @@
        {$lang_assetclass_name}
    </td>
    <td class="value">
-        <a href="assetclassview.php?assetclass_id={$asset->assetclass_id}">{$asset->assetclass_name}</a>
+        <a href="assetclass.php?f=view&id={$asset->assetclass_id}">{$asset->assetclass_name}</a>
    </td>
 </tr>
 </table>
@ -96,7 +96,7 @@
    </td>
    <td class="header_right">
 {if $suser_edit}
-        <a href="assignnodetoasset.php?asset_id={$asset->asset_id}"><img src="image.php?icon=edit" alt="{$lang_assignnodetoasset}"></a>
+        <a href="node.php?f=link&asset_id={$asset->asset_id}"><img src="images/edit.png" alt="{$lang_assignnodetoasset}"{if $suser_tooltips} title="{$lang_assignnodetoasset}"{/if}></a>
 {/if}
    </td>
 </tr>
@ -106,8 +106,15 @@
    </td>
    <td class="value">
        {foreach item=node from=$nodes}
-        <a href="nodeview.php?node_id={$node.node_id}">{if $node.node_ip}{$node.node_ip}{else}(leer){/if}</a>
+        {if !$node.deleted}
-        {if $node.node_info}{$node.node_info}{/if}<br>
+            <a href="node.php?f=view&id={$node.node_id}">{if $node.node_ip}{$node.node_ip}{else}(leer){/if}</a>
            {if $node.node_info}{$node.node_info}{/if}<br>
        {else}
            {if $suser_admin or $suser_manage}
                <s>{if $node.node_ip}{$node.node_ip}{else}(leer){/if}</s>
                {if $node.node_info}{$node.node_info}{/if}<br>
            {/if}
        {/if}
        {/foreach}
    </td>
 </tr>
--- a/tpl/assigniptonode.tpl
+++ b/tpl/assigniptonode.tpl
@ -1,5 +1,4 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="node.php">
 <input type="hidden" name="redirect" value="assigniptonode">
 <input type="hidden" name="node_ip" value="{$node_ip}">
 <input type="hidden" name="subnet_id" value="{$subnet->id}">
@ -9,8 +8,8 @@
        {$lang_assigniptonode}
    </td>
    <td align="right">
-        <a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
+        <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}"{if $suser_tooltips} title="{$lang_cancel}"{/if}></a>
-        <input type="image" src="image.php?icon=next" alt="{$lang_submit}">
+        <input type="image" name="submit[link]" src="images/fastforward.png" alt="{$lang_submit}"{if $suser_tooltips} title="{$lang_submit}"{/if}>
    </td>
 </tr>
 </table>
@ -37,7 +36,7 @@
        {$lang_subnet}
    </td>
    <td class="value">
-        <a href="subnetview.php?subnet_id={$subnet->id}&page={$node_ip}">{$subnet->address}/{$subnet->mask}</a>
+        <a href="subnet.php?f=view&id={$subnet->id}&page={$node_ip}">{$subnet->address}/{$subnet->mask}</a>
    </td>
 </tr>
 </table>
@ -50,12 +49,12 @@
 </tr>
 <tr>
    <td class="value">
-        <input type="radio" name="action" value="assignnodetoasset" checked>&nbsp;{$lang_assignnodetoasset_existing}
+        <input type="radio" id="opt1" name="action" value="assignnodetoasset" checked>&nbsp;<label for="opt1">{$lang_assignnodetoasset_existing}</label>
    </td>
 </tr>
 <tr>
    <td class="value">
-        <input type="radio" name="action" value="nodeadd">&nbsp;{$lang_assignnodetoasset_new}
+        <input type="radio" id="opt2" name="action" value="nodeadd">&nbsp;<label for="opt2">{$lang_assignnodetoasset_new}</label>
    </td>
 </tr>   
 </table>
--- a/tpl/assignnodetoasset.tpl
+++ b/tpl/assignnodetoasset.tpl
@ -1,5 +1,4 @@
-<form method="POST" action="submit.php">
+<form method="POST" action="node.php">
 <input type="hidden" name="add" value="assignnodetoasset">
 <table class="title">
    <tr>
@ -7,8 +6,8 @@
            {$lang_assignnodetoasset}
        </td>
        <td align="right">
-            <a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
+            <a href="#" onClick="history.go(-1)"><img src="images/rewind.png" alt="{$lang_cancel}"{if $suser_tooltips} title="{$lang_cancel}"{/if}></a>
-            <input type="image" src="image.php?icon=save" alt="{$lang_submit}">
+            <input type="image" name="submit[exec-link]" src="images/save.png" alt="{$lang_submit}"{if $suser_tooltips} title="{$lang_submit}"{/if}>
        </td>
    </tr>
 </table>
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Thomas Hooge	8e218fd4ba	Fixed utf8 encoding for ldap dn	2023-12-22 10:42:58 +01:00
Thomas Hooge	7e73d8efbc	Fixed search links	2023-08-29 08:44:13 +02:00
Thomas Hooge	05e85db3a7	Fixed and improved subnet add/edit	2023-03-15 07:43:46 +01:00
Thomas Hooge	303c22160d	Fixed some display bugs and improved icons	2023-03-14 18:58:28 +01:00
Thomas Hooge	34112b8c1c	Fix some image links	2023-03-13 14:58:22 +01:00
Thomas Hooge	c76e8fe9d3	Added administrative password change feature	2023-03-12 17:05:34 +01:00
Thomas Hooge	4266a211e0	Changed language detection code, added some small features	2023-03-12 12:38:43 +01:00
Thomas Hooge	aabd37bd1a	Improved image-buttons and colored image creation	2023-03-11 17:29:44 +01:00
Thomas Hooge	20b54f5b27	Improved MAC address formatting	2023-03-11 08:59:59 +01:00
Thomas Hooge	02980bbad5	Checks before removing objects	2023-03-10 20:03:21 +01:00
Thomas Hooge	8c61638485	Remove footer.php and some small improvements	2023-03-10 19:31:07 +01:00
Thomas Hooge	bfbdc16036	Implement node flags	2023-03-07 14:56:32 +01:00
Thomas Hooge	78b97c5094	Refactored, no more redirects. Improved error messaging system	2023-03-06 19:25:21 +01:00
Thomas Hooge	7cfcaeb9d7	Refactored asset and location	2023-03-04 14:55:07 +01:00
Thomas Hooge	32bd592098	Refactored user, vlan and zone	2023-03-03 19:33:52 +01:00
Thomas Hooge	c63b500d77	Refactored assetclassgroup	2023-03-03 18:14:42 +01:00
Thomas Hooge	ccdcfb968c	Refactored assetclass	2023-03-03 14:36:39 +01:00
Thomas Hooge	f0992b4b64	Some more minor GUI improvements	2023-03-03 07:48:35 +01:00
Thomas Hooge	6ebaea2d45	GUI improvements and new assetclass description	2023-03-02 18:58:04 +01:00
Thomas Hooge	6a5c483c42	Improved cable functions	2023-03-02 13:56:07 +01:00
Thomas Hooge	6e4c4236aa	Some more bugfixing	2023-03-02 10:53:06 +01:00
Thomas Hooge	5e605692dd	Add missing LDAP code to login	2023-03-02 08:40:55 +01:00
Thomas Hooge	1c8021c325	Added counter to assetclass and assetclassgroup views	2023-03-01 17:54:04 +01:00