<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
// ========== CONSTANT DEFINITIONS ============================================
// page actions
define ('ACT_ERR_DENIED', -1);
define ('ACT_DEFAULT', 0);
define ('ACT_ADD', 1);
define ('ACT_VIEW', 2);
define ('ACT_EDIT', 3);
define ('ACT_DELETE', 4);
define ('ACT_COPY', 5);
define ('ACT_JOIN', 6);
define ('ACT_LEAVE', 7);
define ('ACT_EDIT_DETAIL', 8);
define ('ACT_DEL_DETAIL', 9);
define ('ACT_LINK', 10);
define ('ACT_UNLINK', 11);
define ('ACT_MAIL', 12);
define ('ACT_VIEW_LIST', 13);
define ('ACT_PASSWORD', 14);
// ========== GLOBAL PAGE START CODE ==========================================
// global version string
$config_version = 'v0.9.1';
// available languages
$config_lang = array('de', 'en');
include("lib/functions.php");
require_once('smarty3/Smarty.class.php');
$smarty = new Smarty();
$smarty->template_dir = 'tpl';
$smarty->compile_dir = 'tpl_c';
$smarty->registerPlugin('function', 'treelist', 'print_tree');
$smarty->registerPlugin('function', 'msgout', 'msgout');
if (!empty($_SESSION['suser_id'])) {
$smarty->assign("suser_name", $_SESSION['suser_displayname']);
$smarty->assign("suser_tooltips", $_SESSION['suser_tooltips'] ?? 'off');
$smarty->assign("suser_add", $_SESSION['suser_role_add']);
$smarty->assign("suser_edit", $_SESSION['suser_role_edit']);
$smarty->assign("suser_delete", $_SESSION['suser_role_delete']);
$smarty->assign("suser_manage", $_SESSION['suser_role_manage']);
$smarty->assign("suser_admin", $_SESSION['suser_role_admin']);
}
// prepare global message system
$g_message = new Message;
$g_warning = new MessageWarning;
$g_error = new MessageError;
$action = ACT_DEFAULT;
// ========== LANGUAGE FUNCTIONS ==============================================
function lang_getfrombrowser($allowed, $default) {
// get browser most preferred language if possible
if (empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
return $default;
}
$accepted = preg_split('/,\s*/', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
$current_lang = $default;
$current_q = 0;
foreach ($accepted as $lang) {
$res = preg_match ('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i',
$lang, $matches);
if (!$res) {
continue;
}
$lang_code = explode ('-', $matches[1]);
if (isset($matches[2])) {
$lang_quality = (float)$matches[2];
} else {
$lang_quality = 1.0;
}
while (count($lang_code)) {
if (in_array(strtolower(join ('-', $lang_code)), $allowed)) {
if ($lang_quality > $current_q) {
$current_lang = strtolower (join ('-', $lang_code));
$current_q = $lang_quality;
break;
}
}
array_pop($lang_code);
}
}
return $current_lang;
}
// ========== FEEDBACK FUNCTIONS ==============================================
class Message {
var $count = 0;
var $text = array();
var $caption;
function Message() {
$this->caption = 'Information';
}
function SetCaption($str) {
$this->caption = $str;
}
function Add($msg) {
$this->count++;
$this->text[$this->count] = $msg;
}
function GetCount() {
return $this->count;
}
function PrintOut() {
if ($this->count > 0) {
echo '<div class="info">', "\n";
echo '<h3>', $this->caption, "</h3>\n";
echo "<ul>\n";
for ($i=1; $i<=$this->count; $i++) {
echo "\t<li>", $this->text[$i],"</li>\n";
}
echo "</ul>\n";
echo "</div>\n";
}
}
}
class MessageWarning extends Message {
function MessageWarning() {
$this->caption = 'Warning';
}
function PrintOut() {
if ($this->count > 0) {
echo '<div class="warning">', "\n";
echo '<h3>', $this->caption, "</h3>\n";
echo "<ul>\n";
for ($i=1; $i<=$this->count; $i++) {
echo "\t<li>", $this->text[$i],"</li>\n";
}
echo "</ul>\n";
echo "</div>\n";
}
}
}
class MessageError extends Message {
function MessageError() {
$this->caption = 'Error';
}
function PrintOut() {
if ($this->count > 0) {
echo '<div class="error">', "\n";
echo '<h3>', $this->caption, "</h3>\n";
echo "<ul>\n";
for ($i=1; $i<=$this->count; $i++) {
echo "\t<li>", $this->text[$i],"</li>\n";
}
echo "</ul>\n";
echo "</div>\n";
}
}
}
function msgout(array $parameters, Smarty_Internal_Template $smarty) {
// This is just a quick hack around missing {php} in Smarty3
$GLOBALS['g_error']->PrintOut();
$GLOBALS['g_warning']->PrintOut();
$GLOBALS['g_message']->PrintOut();
}
// ========== FORM FUNCTIONS ==================================================
function form_get_action() {
if (!isset($_POST['submit'])) {
if (isset($_GET['f'])) {
$submit = $_GET['f'];
} else {
$submit = NULL;
}
} else {
$submit = $_POST['submit'];
}
if (is_array($submit)) {
$submit = key($submit);
}
return strtolower($submit);
}
function submit_error($action) {
/* Submit buttons that return an unknown value end up in this
function by default. An exit() is conscious here *not* installed,
since it could be that despite such an error the program
execution should be continued. */
return sprintf('The action "%s" is unknown. It is probably a program error.<br> Please inform your administrator of the exact circumstances of how this situation came about.', strtoupper($action));
}
// ========== DATABASE FUCTIONS ===============================================
function db_load_enum($table, $column) {
// returns array of enum-values as defined in database
global $dbh;
$sql = "SELECT TRIM(TRAILING ')' FROM SUBSTRING(column_type,6))
FROM information_schema.columns
WHERE table_name=? AND column_name=?";
$sth = $dbh->prepare($sql);
$sth->execute([$table, $column]);
// Für PHP < 7.4
// return array_map(function($x) { return trim($x, "'"); }, explode(',', $sth->fetchColumn()));
return array_map(fn($x) => trim($x, "'"), explode(',', $sth->fetchColumn()));
}
function db_get_options_asset() {
global $dbh;
$sql = "SELECT asset_id, asset_name FROM asset ORDER BY asset_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_assetclass() {
global $dbh;
$sql = "SELECT assetclass_id, assetclass_name FROM assetclass ORDER BY assetclass_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_assetclassgroup() {
global $dbh;
$sql = "SELECT assetclassgroup_id, assetclassgroup_name FROM assetclassgroup ORDER BY assetclassgroup_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_location($default = NULL) {
global $dbh;
$options = array();
if ($default != NULL) {
$options[0] = $default;
}
$sql = "SELECT location_id, location_name FROM location ORDER BY location_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_subnet() {
global $dbh;
$sql = "SELECT subnet_id,
CONCAT_WS('/', subnet_address, subnet_mask) AS subnet_name
FROM subnet
ORDER BY INET_ATON(subnet_address)";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_vlan($default = NULL) {
global $dbh;
$options = array();
if ($default != NULL) {
$options[0] = $default;
}
$sql = "SELECT vlan_id, vlan_name FROM vlan ORDER BY vlan_name";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
function db_get_options_zone($default = NULL) {
global $dbh;
$options = array();
if ($default != NULL) {
$options[0] = $default;
}
$sql = "SELECT zone_id, zone_origin FROM zone ORDER BY zone_origin";
$sth = $dbh->query($sql);
foreach ($sth->fetchAll(PDO::FETCH_NUM) as $rec) {
$options[$rec[0]] = $rec[1];
}
return $options;
}
// ========== MISC FUCTIONS ===================================================
function strip_mac($mac, $caps=true) {
// strip mac address to 12 char string
// strip chars we don't need
$mac = preg_replace('/[^a-fA-F0-9]/', '', $mac);
if ($caps) {
$mac = strtoupper($mac);
} else {
$mac = strtolower($mac);
}
return $mac;
}
function write_mac($mac, $user_mac='xx:xx:xx:xx:xx:xx') {
// rebuild mac address using user supplied format
if (strlen($mac) != 12) {
// if the MAC is empty, or for whatever reason incorrect, just return
return $mac;
}
// check format of user mac: count upper or lower char
$chars = count_chars($user_mac, 1);
if (array_key_exists(88, $chars) and $chars[88] == 12) {
$pattern = '/X/';
$mac = strtoupper($mac);
} elseif (array_key_exists(120, $chars) and $chars[120] == 12) {
$pattern = '/x/';
$mac = strtolower($mac);
} else {
// invalid format
return $mac;
}
for($i=0; $i<12; $i++) {
$user_mac = preg_replace($pattern, $mac[$i], $user_mac, 1);
}
return $user_mac;
}
function header_location($location) {
// redirect page
header('location:' . $location);
exit;
}