<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
For more information, visit http://sourceforge.net/projects/ipreg,
or contact me at wietsew@users.sourceforge.net
*****************************************************************************/
// includes
include("includes.php");
// check for submit
if ($_SERVER['REQUEST_METHOD']=="POST") {
// what to do?
if (isset($_POST['redirect'])) {
switch ($_POST['redirect']) {
case ("assigniptonode") :
// get variables
$node_ip = sanitize($_POST['node_ip']);
$subnet_id = sanitize($_POST['subnet_id']);
switch ($_POST['action']) {
case ("assignnodetoasset") :
// redirect
header_location("assignnodetoasset.php?subnet_id=" . $subnet_id . "&node_ip=" . $node_ip);
break;
case ("nodeadd") :
// redirect
header_location("nodeadd.php?subnet_id=" . $subnet_id . "&node_ip=" . $node_ip);
break;
}
break;
case ("locationsubnet") :
// get variables
$location_id = sanitize($_POST['location_id']);
switch ($_POST['action']) {
case ("locationsubnetadd") :
// redirect
header_location("locationsubnetadd.php?location_id=" . $location_id);
break;
case ("locationsubnetdel") :
// redirect
header_location("locationsubnetdel.php?location_id=" . $location_id);
break;
}
break;
case ("nat") :
// get variables
$node_id = sanitize($_POST['node_id']);
switch ($_POST['action']) {
case ("natadd") :
// redirect
header_location("natadd.php?node_id=" . $node_id);
break;
case ("natdel") :
// redirect
header_location("natdel.php?node_id=" . $node_id);
break;
}
break;
case ("subnetlocation") :
// get variables
$subnet_id = sanitize($_POST['subnet_id']);
switch ($_POST['action']) {
case ("subnetlocationadd") :
// redirect
header_location("subnetlocationadd.php?subnet_id=" . $subnet_id);
break;
case ("subnetlocationdel") :
// redirect
header_location("subnetlocationdel.php?subnet_id=" . $subnet_id);
break;
}
break;
case ("subnetvlan") :
// get variables
$subnet_id = sanitize($_POST['subnet_id']);
switch ($_POST['action']) {
case ("subnetvlanadd") :
// redirect
header_location("subnetvlanadd.php?subnet_id=" . $subnet_id);
break;
case ("subnetvlandel") :
// redirect
header_location("subnetvlandel.php?subnet_id=" . $subnet_id);
break;
}
break;
case ("vlansubnet") :
// get variables
$vlan_id = sanitize($_POST['vlan_id']);
switch ($_POST['action']) {
case ("vlansubnetadd") :
// redirect
header_location("vlansubnetadd.php?vlan_id=" . $vlan_id);
break;
case ("vlansubnetdel") :
// redirect
header_location("vlansubnetdel.php?vlan_id=" . $vlan_id);
break;
}
break;
}
}
if (isset($_POST['add'])) {
switch ($_POST['add']) {
case ("asset") :
// get variables
$asset_name = sanitize($_POST['asset_name']);
$asset_hostname = sanitize($_POST['asset_hostname']);
$assetclass_id = sanitize($_POST['assetclass_id']);
$asset_info = sanitize($_POST['asset_info']);
// build query
$query = "INSERT
INTO
asset(
asset.asset_name,
asset.asset_hostname,
asset.assetclass_id,
asset.asset_info
)
VALUE
(
'$asset_name',
'$asset_hostname',
'$assetclass_id',
'$asset_info'
)";
// run query
$asset_id = $db->db_insert($query);
// redirect
header_location("assetview.php?asset_id=" . $asset_id);
break;
case ("assetclass") :
// get variables
$assetclass_name = sanitize($_POST['assetclass_name']);
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
// build query
$query = "INSERT
INTO
assetclass(
assetclass.assetclass_name,
assetclass.assetclassgroup_id
)
VALUE
(
'$assetclass_name',
'$assetclassgroup_id'
)";
// run query
$assetclass_id = $db->db_insert($query);
// redirect
header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
break;
case ("assetclassgroup") :
// get variables
$assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
$assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
// build query
$query = "INSERT
INTO
assetclassgroup(
assetclassgroup.assetclassgroup_name,
assetclassgroup.assetclassgroup_color
)
VALUE
(
'$assetclassgroup_name',
'$assetclassgroup_color'
)";
// run query
$assetclassgroup_id = $db->db_insert($query);
// redirect
header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
break;
case ("assignnodetoasset") :
// get variables
$node_ip = sanitize($_POST['node_ip']);
$subnet_id = sanitize($_POST['subnet_id']);
$asset_id = sanitize($_POST['asset_id']);
$node_mac = strip_mac(sanitize($_POST['node_mac']));
if ((!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix'])) ? $node_dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $node_dns1 = sanitize($_POST['node_dns1']));
if ((!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) ? $node_dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $node_dns2 = sanitize($_POST['node_dns2']));
$node_info = $_POST['node_info'];
// build query
$query = "INSERT
INTO
node(
node.node_ip,
node.node_mac,
node.node_dns1,
node.node_dns2,
node.subnet_id,
node.asset_id,
node.node_info
)
VALUE
(
'$node_ip',
'$node_mac',
'$node_dns1',
'$node_dns2',
'$subnet_id',
'$asset_id',
'$node_info'
)";
// run query
$node_id = $db->db_insert($query);
// redirect
header_location("nodeview.php?node_id=" . $node_id);
break;
case ("assignlocationtosubnet") :
// get variables
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
// build query
$query = "INSERT
INTO
subnetlocation(
subnetlocation.location_id,
subnetlocation.subnet_id
)
VALUE
(
'$location_id',
'$subnet_id'
)";
// run query
$db->db_insert($query);
// redirect
header_location("Location: location.php");
break;
case ("assignsubnettovlan") :
// get variables
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
// build query
$query = "UPDATE
subnet
SET
subnet.vlan_id='$vlan_id'
WHERE
subnet.subnet_id='$subnet_id'";
// run query
$db->db_update($query);
// redirect
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("location") :
// get variables
$location_name = sanitize($_POST['location_name']);
$location_parent = sanitize($_POST['location_parent']);
$location_info = sanitize($_POST['location_info']);
// build query
$query = "INSERT
INTO
location(
location.location_name,
location.location_parent,
location.location_info
)
VALUE
(
'$location_name',
'$location_parent',
'$location_info'
)";
// run query
$location_id = $db->db_insert($query);
// redirect
header_location("locationview.php?location_id=" . $location_id);
break;
case ("locationsubnet") :
// get variables
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
// build query
$query = "INSERT
INTO
subnetlocation(
subnetlocation.location_id,
subnetlocation.subnet_id
)
VALUE
(
'$location_id',
'$subnet_id'
)";
// run query
$newid = $db->db_insert($query);
// redirect
header_location("locationview.php?location_id=" . $location_id);
break;
case ("nat") :
// get variables
$node_id_ext = sanitize($_POST['node_id_ext']);
$node_id_int = sanitize($_POST['node_id_int']);
$nat_type = sanitize($_POST['nat_type']);
// build query
$query = "INSERT
INTO
nat(
nat.nat_ext,
nat.nat_int,
nat.nat_type
)
VALUE
(
'$node_id_ext',
'$node_id_int',
'$nat_type'
)";
// run query
$db->db_insert($query);
// redirect
header_location("nodeview.php?node_id=" . $node_id_ext);
break;
case ("node") :
// get variables
$asset_name = sanitize($_POST['asset_name']);
$asset_hostname = sanitize($_POST['asset_hostname']);
$assetclass_id = sanitize($_POST['assetclass_id']);
$ip = sanitize($_POST['node_ip']);
$mac = strip_mac(sanitize($_POST['node_mac']));
if ((!empty($_POST['node_dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $dns1 = sanitize($_POST['node_dns1']));
if ((!empty($_POST['node_dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $dns2 = sanitize($_POST['node_dns2']));
$node_info = sanitize($_POST['node_info']);
$subnet_id = $_POST['subnet_id'];
// build query
$query = "INSERT
INTO
asset(
asset.asset_name,
asset.asset_hostname,
asset.assetclass_id
)
VALUE
(
'$asset_name',
'$asset_hostname',
'$assetclass_id'
)";
// run query
$asset_id = $db->db_insert($query);
// build query
$query = "INSERT
INTO
node(
node.node_ip,
node.node_mac,
node.node_dns1,
node.node_dns2,
node.node_info,
node.subnet_id,
node.asset_id
)
VALUE
(
'$ip',
'$mac',
'$dns1',
'$dns2',
'$node_info',
'$subnet_id',
'$asset_id'
)";
// run query
$node_id = $db->db_insert($query);
// redirect
header_location("nodeview.php?node_id=" . $node_id);
break;
case ("subnet") :
// get variables
$subnet_address= sanitize($_POST['subnet_address']);
$subnet_mask = sanitize($_POST['subnet_mask']);
$subnet_info = sanitize($_POST['subnet_info']);
// build query
$query = "INSERT
INTO
subnet(
subnet.subnet_address,
subnet.subnet_mask,
subnet.subnet_info
)
VALUE
(
'$subnet_address',
'$subnet_mask',
'$subnet_info'
)";
// run query
$subnet_id = $db->db_insert($query);
// redirect
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("subnetlocation") :
// get variables
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
// build query
$query = "INSERT
INTO
subnetlocation(
subnetlocation.location_id,
subnetlocation.subnet_id
)
VALUE
(
'$location_id',
'$subnet_id'
)";
// run query
$db->db_insert($query);
// redirect
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("subnetvlan") :
// get variables
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
// build query
$query = "INSERT
INTO
subnetvlan(
subnetvlan.subnet_id,
subnetvlan.vlan_id
)
VALUE
(
'$subnet_id',
'$vlan_id'
)";
// run query
$db->db_insert($query);
// redirect
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
// get variables
$user_name = strtolower(sanitize($_POST['user_name']));
$user_displayname = sanitize($_POST['user_displayname']);
$user_password = md5(sanitize($_POST['user_password']));
// build query
$query = "SELECT
user.user_name
FROM
user
WHERE
user.user_name='$user_name'";
// run query
$users = $db->db_select($query);
// count results
$user_counter = count($users);
// user exists?
if ($user_counter==0) {
// build query
$query = "INSERT
INTO
user(
user.user_name,
user.user_displayname,
user.user_pass
)
VALUE
(
'$user_name',
'$user_displayname',
'$user_password'
)";
// run query
$user_id = $db->db_insert($query);
// redirect
header_location("userview.php?user_id=" . $user_id);
}
// display error
$comments = "usernameinuse";
break;
case ("vlan") :
// get variables
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
// build query
$query = "INSERT
INTO
vlan(
vlan.vlan_name,
vlan.vlan_number,
vlan.vlan_info
)
VALUE
(
'$vlan_name',
'$vlan_number',
'$vlan_info'
)";
// run query
$vlan_id = $db->db_insert($query);
// redirect
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("vlansubnet") :
// get variables
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
// build query
$query = "INSERT
INTO
subnetvlan(
subnetvlan.subnet_id,
subnetvlan.vlan_id
)
VALUE
(
'$subnet_id',
'$vlan_id'
)";
// run query
$db->db_insert($query);
// redirect
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("zone") :
// get variables
$zone_origin = sanitize($_POST['zone_origin']);
$zone_ttl_default = sanitize($_POST['zone_ttl_default']);
$zone_soa = sanitize($_POST['zone_soa']);
$zone_hostmaster = sanitize($_POST['zone_hostmaster']);
$zone_refresh = sanitize($_POST['zone_refresh']);
$zone_retry = sanitize($_POST['zone_retry']);
$zone_expire = sanitize($_POST['zone_expire']);
$zone_ttl = sanitize($_POST['zone_ttl']);
$zone_serial = sanitize($_POST['zone_serial']);
$zone_ns1 = sanitize($_POST['zone_ns1']);
$zone_ns2 = sanitize($_POST['zone_ns2']);
$zone_ns3 = sanitize($_POST['zone_ns3']);
$zone_mx1 = sanitize($_POST['zone_mx1']);
$zone_mx2 = sanitize($_POST['zone_mx2']);
$zone_info = sanitize($_POST['zone_info']);
// build query
$query = "INSERT
INTO
zone(
zone.zone_origin,
zone.zone_ttl_default,
zone.zone_soa,
zone.zone_hostmaster,
zone.zone_refresh,
zone.zone_retry,
zone.zone_expire,
zone.zone_ttl,
zone.zone_serial,
zone.zone_ns1,
zone.zone_ns2,
zone.zone_ns3,
zone.zone_mx1,
zone.zone_mx2,
zone.zone_info
)
VALUE
(
'$zone_origin',
'$zone_ttl_default',
'$zone_soa',
'$zone_hostmaster',
'$zone_refresh',
'$zone_retry',
'$zone_expire',
'$zone_ttl',
'$zone_serial',
'$zone_ns1',
'$zone_ns2',
'$zone_ns3',
'$zone_mx1',
'$zone_mx2',
'$zone_info'
)";
// run query
$zoneid = $db->db_insert($query);
// redirect
header_location("zoneview.php?zone_id=" . $zoneid);
break;
}
}
if (isset($_POST['del'])) {
switch ($_POST['del']) {
case ("asset") :
// get variables
$asset_id = sanitize($_POST['asset_id']);
// delete asset
// build query
$query = "DELETE
FROM
asset
WHERE
asset.asset_id=" . $asset_id;
// run query
$db->db_delete($query);
// delete nodes
$query = "DELETE
FROM
node
WHERE
node.asset_id=" . $asset_id;
// run query
$db->db_delete($query);
// redirect
header_location("asset.php");
break;
case ("assetclass") :
// get variables
$assetclass_id = sanitize($_POST['assetclass_id']);
// build query
$query = "DELETE
FROM
assetclass
WHERE
assetclass.assetclass_id=" . $assetclass_id;
// run query
$db->db_delete($query);
// redirect
header_location("assetclass.php");
break;
case ("assetclassgroup") :
// get variables
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
// build query
$query = "DELETE
FROM
assetclassgroup
WHERE
assetclassgroup.assetclassgroup_id=" . $assetclassgroup_id;
// run query
$db->db_delete($query);
// redirect
header_location("assetclassgroup.php");
break;
case ("location") :
// get variables
$location_id = sanitize($_POST['location_id']);
// build query
$query = "DELETE
FROM
location
WHERE
location.location_id=" . $location_id;
// run query
$db->db_delete($query);
// redirect
header_location("location.php");
break;
case ("locationsubnet") :
// get variables
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
// build query
$query = "DELETE
FROM
subnetlocation
WHERE
subnetlocation.location_id=" . $location_id . "
AND subnetlocation.subnet_id=" . $subnet_id;
// run query
$db->db_delete($query);
// redirect
header_location("locationview.php?location_id=" . $location_id);
break;
case ("nat") :
// get variables
$node_id_ext = sanitize($_POST['node_id_ext']);
$node_id_int = sanitize($_POST['node_id_int']);
// build query
$query = "DELETE
FROM
nat
WHERE
nat.nat_ext=" . $node_id_ext . "
AND nat.nat_int=" . $node_id_int;
// run query
$db->db_delete($query);
// redirect
header_location("nodeview.php?node_id=" . $node_id_ext);
break;
case ("node") :
// get variables
$node_id = sanitize($_POST['node_id']);
$asset_id = sanitize($_POST['asset_id']);
// build query
$query = "DELETE
FROM
node
WHERE
node.node_id=" . $node_id;
// run query
$db->db_delete($query);
// redirect
header_location("assetview.php?asset_id=" . $asset_id);
break;
case ("subnet") :
// get variables
$subnet_id = sanitize($_POST['subnet_id']);
// delete subnet
// build query
$query = "DELETE
FROM
subnet
WHERE
subnet.subnet_id=" . $subnet_id;
// run query
$db->db_delete($query);
// delete nodes
// build query
$query = "DELETE
FROM
node
WHERE
subnet_id=" . $subnet_id;
// run query
$db->db_delete($query);
// redirect
header_location("subnet.php");
break;
case ("subnetlocation") :
// get variables
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
// build query
$query = "DELETE
FROM
subnetlocation
WHERE
subnetlocation.location_id=" . $location_id . "
AND subnetlocation.subnet_id=" . $subnet_id;
// run query
$db->db_delete($query);
// redirect
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("subnetvlan") :
// get variables
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
// build query
$query = "DELETE
FROM
subnetvlan
WHERE
subnetvlan.subnet_id=" . $subnet_id . "
AND subnetvlan.vlan_id=" . $vlan_id;
// run query
$db->db_delete($query);
// redirect
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
// get variables
$user_id = sanitize($_POST['user_id']);
// build query
$query = "DELETE
FROM
user
WHERE
user.user_id=" . $user_id;
// run query
$db->db_delete($query);
// redirect
header_location("user.php");
break;
case ("vlan") :
// get variables
$vlan_id = sanitize($_POST['vlan_id']);
// build query
$query = "DELETE
FROM
vlan
WHERE
vlan.vlan_id=" . $vlan_id;
// run query
$db->db_delete($query);
// redirect
header_location("vlan.php");
break;
case ("vlansubnet") :
// get variables
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
// build query
$query = "DELETE
FROM
subnetvlan
WHERE
subnetvlan.subnet_id=" . $subnet_id . "
AND subnetvlan.vlan_id=" . $vlan_id;
// run query
$db->db_delete($query);
// redirect
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("zone") :
// get variables
$zone_id = sanitize($_POST['zone_id']);
// build query
$query = "DELETE
FROM
zone
WHERE
zone_id=" . $zone_id;
// run query
$db->db_delete($query);
// redirect
header_location("zone.php");
break;
}
}
if (isset($_POST['edit'])) {
switch ($_POST['edit']) {
case ("asset") :
// get variables
$asset_id = sanitize($_POST['asset_id']);
$asset_name = sanitize($_POST['asset_name']);
$asset_info = sanitize($_POST['asset_info']);
$asset_hostname = sanitize($_POST['asset_hostname']);
$assetclass_id = sanitize($_POST['assetclass_id']);
// build query
$query = "UPDATE
asset
SET
asset.asset_name='$asset_name',
asset.asset_info='$asset_info',
asset.asset_hostname='$asset_hostname',
asset.assetclass_id='$assetclass_id'
WHERE
asset.asset_id=" . $asset_id;
// run query
$db->db_update($query);
// redirect
header_location("assetview.php?asset_id=" . $asset_id);
case ("assetclass") :
// get variables
$assetclass_id = sanitize($_POST['assetclass_id']);
$assetclass_name = sanitize($_POST['assetclass_name']);
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
// build query
$query = "UPDATE
assetclass
SET
assetclass.assetclass_name='$assetclass_name',
assetclass.assetclassgroup_id='$assetclassgroup_id'
WHERE
assetclass.assetclass_id=" . $assetclass_id;
// run query
$db->db_update($query);
// redirect
header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
break;
case ("assetclassgroup") :
// get variables
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
$assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
$assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
// update db
$query = "UPDATE
assetclassgroup
SET
assetclassgroup.assetclassgroup_name='$assetclassgroup_name',
assetclassgroup.assetclassgroup_color='$assetclassgroup_color'
WHERE
assetclassgroup.assetclassgroup_id=" . $assetclassgroup_id;
// run query
$db->db_update($query);
// redirect
header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
break;
case ("location") :
// get variables
$location_id = sanitize($_POST['location_id']);
$location_name = sanitize($_POST['location_name']);
$location_info = sanitize($_POST['location_info']);
$parentlocation_id = sanitize($_POST['parentlocation_id']);
// update db
$query = "UPDATE
location
SET
location.location_name='$location_name',
location.location_parent='$parentlocation_id',
location.location_info='$location_info'
WHERE
location.location_id=" . $location_id;
// run query
$db->db_update($query);
// redirect
header_location("locationview.php?location_id=" . $location_id);
break;
case ("node") :
// get variables
$node_id = sanitize($_POST['node_id']);
$asset_id = sanitize($_POST['asset_id']);
$node_ip = sanitize($_POST['node_ip']);
$subnet_id = sanitize($_POST['subnet_id']);
$node_mac = strip_mac(sanitize($_POST['node_mac']));
$node_dns1 = sanitize($_POST['node_dns1']);
$node_dns2 = sanitize($_POST['node_dns2']);
$node_info = sanitize($_POST['node_info']);
$zone_id = sanitize($_POST['zone_id']);
// update db
$query = "UPDATE
node
SET
node.asset_id='$asset_id',
node.node_ip='$node_ip',
node.subnet_id='$subnet_id',
node.node_mac='$node_mac',
node.node_dns1='$node_dns1',
node.node_dns2='$node_dns2',
node.node_info='$node_info',
node.zone_id='$zone_id'
WHERE
node.node_id=" . $node_id;
// run query
$db->db_update($query);
// redirect
header_location("nodeview.php?node_id=" . $node_id);
break;
case ("optionsdisplay") :
// get variables
$user_id = $_SESSION['suser_id'];
$user_language = $_POST['user_language'];
$user_imagesize = sanitize($_POST['user_imagesize']);
$user_imagecount = sanitize($_POST['user_imagecount']);
$user_mac = sanitize($_POST['user_mac']);
$user_dateformat = sanitize($_POST['user_dateformat']);
$user_dns1suffix = sanitize($_POST['user_dns1suffix']);
$user_dns2suffix = sanitize($_POST['user_dns2suffix']);
$user_menu_assets = sanitize($_POST['user_menu_assets']);
$user_menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
$user_menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
$user_menu_locations = sanitize($_POST['user_menu_locations']);
$user_menu_nodes = sanitize($_POST['user_menu_nodes']);
$user_menu_subnets = sanitize($_POST['user_menu_subnets']);
$user_menu_users = sanitize($_POST['user_menu_users']);
$user_menu_vlans = sanitize($_POST['user_menu_vlans']);
$user_menu_zones = sanitize($_POST['user_menu_zones']);
$user_tooltips = sanitize($_POST['user_tooltips']);
// update db
$query = "UPDATE
user
SET
user.user_language='" . $user_language . "',
user.user_imagesize='" . $user_imagesize . "',
user.user_imagecount='" . $user_imagecount . "',
user.user_mac='" . $user_mac . "',
user.user_dateformat='" . $user_dateformat . "',
user.user_dns1suffix='" . $user_dns1suffix . "',
user.user_dns2suffix='" . $user_dns2suffix . "',
user.user_menu_assets='" . $user_menu_assets . "',
user.user_menu_assetclasses='" . $user_menu_assetclasses . "',
user.user_menu_assetclassgroups='" . $user_menu_assetclassgroups . "',
user.user_menu_locations='" . $user_menu_locations . "',
user.user_menu_nodes='" . $user_menu_nodes . "',
user.user_menu_subnets='" . $user_menu_subnets . "',
user.user_menu_users='" . $user_menu_users . "',
user.user_menu_vlans='" . $user_menu_vlans . "',
user.user_menu_zones='" . $user_menu_zones . "',
user.user_tooltips='" . $user_tooltips . "'
WHERE
user.user_id=" . $user_id;
// update session
$_SESSION['suser_language'] = $user_language;
$_SESSION['suser_imagesize'] = $user_imagesize;
$_SESSION['suser_imagecount'] = $user_imagecount;
$_SESSION['suser_mac'] = $user_mac;
$_SESSION['suser_dateformat'] = $user_dateformat;
$_SESSION['suser_dns1suffix'] = $user_dns1suffix;
$_SESSION['suser_dns2suffix'] = $user_dns2suffix;
$_SESSION['suser_menu_assets'] = $user_menu_assets;
$_SESSION['suser_menu_assetclasses'] = $user_menu_assetclasses;
$_SESSION['suser_menu_assetclassgroups'] = $user_menu_assetclassgroups;
$_SESSION['suser_menu_locations'] = $user_menu_locations;
$_SESSION['suser_menu_nodes'] = $user_menu_nodes;
$_SESSION['suser_menu_subnets'] = $user_menu_subnets;
$_SESSION['suser_menu_users'] = $user_menu_users;
$_SESSION['suser_menu_vlans'] = $user_menu_vlans;
$_SESSION['suser_menu_zones'] = $user_menu_zones;
$_SESSION['suser_tooltips'] = $user_tooltips;
// run query
$db->db_update($query);
// redirect
header_location("options.php");
break;
case ("optionspassword") :
// get variables
$user_id = $_SESSION['suser_id'];
$user_currentpass = sanitize($_POST['user_currentpass']);
$user_newpass1 = sanitize($_POST['user_newpass1']);
$user_newpass2 = sanitize($_POST['user_newpass2']);
// get current pass from db
$query = "SELECT
user.user_pass
FROM
user
WHERE
user.user_id='" . $user_id . "'";
// run query
$user = $db->db_select($query);
// check current pass
if(!strcmp(md5($user_currentpass), $user[0]['user_pass'])) {
if(!strcmp($user_newpass1, $user_newpass2)) {
// update db
$query = "UPDATE
user
SET
user.user_pass='" . md5($user_newpass1) . "'
WHERE
user.user_id=" . $user_id;
// run query
$db->db_update($query);
// redirect
header_location("options.php");
}
}
break;
case ("subnet") :
// get variables
$subnet_id = sanitize($_POST['subnet_id']);
$subnet_address= sanitize($_POST['subnet_address']);
$subnet_proto_vers = sanitize($_POST['subnet_proto_vers']);
$subnet_mask = sanitize($_POST['subnet_mask']);
$subnet_dhcpstart = sanitize($_POST['subnet_dhcpstart']);
$subnet_dhcpend = sanitize($_POST['subnet_dhcpend']);
$subnet_ntp_server = sanitize($_POST['subnet_ntp_server']);
$subnet_info = sanitize($_POST['subnet_info']);
// update db
$query = "UPDATE
subnet
SET
subnet_address='$subnet_address',
subnet_mask='$subnet_mask',
subnet_dhcp_start='$subnet_dhcpstart',
subnet_dhcp_end='$subnet_dhcpend',
subnet_info='$subnet_info',
protocol_version=$subnet_proto_vers,
ntp_server='$subnet_ntp_server'
WHERE
subnet_id=" . $subnet_id;
// run query
$db->db_update($query);
// redirect
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
// get variables
$user_id = sanitize($_POST['user_id']);
$user_name = sanitize($_POST['user_name']);
$user_displayname = sanitize($_POST['user_displayname']);
// update db
$query = "UPDATE
user
SET
user.user_name='" . $user_name . "',
user.user_displayname='" . $user_displayname . "'
WHERE
user.user_id=" . $user_id;
// run query
$db->db_update($query);
// redirect
header_location("userview.php?user_id=" . $user_id);
break;
case ("vlan") :
// get variables
$vlan_id = sanitize($_POST['vlan_id']);
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
// update db
$query = "UPDATE
vlan
SET
vlan.vlan_name='$vlan_name',
vlan.vlan_number='$vlan_number',
vlan.vlan_info='$vlan_info'
WHERE
vlan.vlan_id=" . $vlan_id;
// run query
$db->db_update($query);
// redirect
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("zone") :
// get variables
$zone_id = sanitize($_POST['zone_id']);
$zone_origin = sanitize($_POST['zone_origin']);
$zone_ttl_default = sanitize($_POST['zone_ttl_default']);
$zone_soa = sanitize($_POST['zone_soa']);
$zone_hostmaster = sanitize($_POST['zone_hostmaster']);
$zone_refresh = sanitize($_POST['zone_refresh']);
$zone_retry = sanitize($_POST['zone_retry']);
$zone_expire = sanitize($_POST['zone_expire']);
$zone_ttl = sanitize($_POST['zone_ttl']);
$zone_serial = sanitize($_POST['zone_serial']);
$zone_ns1 = sanitize($_POST['zone_ns1']);
$zone_ns2 = sanitize($_POST['zone_ns2']);
$zone_ns3 = sanitize($_POST['zone_ns3']);
$zone_mx1 = sanitize($_POST['zone_mx1']);
$zone_mx2 = sanitize($_POST['zone_mx2']);
$zone_info = sanitize($_POST['zone_info']);
// update db
$query = "UPDATE
zone
SET
zone_origin='$zone_origin',
zone_ttl_default='$zone_ttl_default',
zone_soa='$zone_soa',
zone_hostmaster='$zone_hostmaster',
zone_refresh='$zone_refresh',
zone_retry='$zone_retry',
zone_expire='$zone_expire',
zone_ttl='$zone_ttl',
zone_serial='$zone_serial',
zone_ns1='$zone_ns1',
zone_ns2='$zone_ns2',
zone_ns3='$zone_ns3',
zone_mx1='$zone_mx1',
zone_mx2='$zone_mx2',
zone_info='$zone_info'
WHERE
zone_id=" . $zone_id;
// run query
$db->db_update($query);
// redirect
header_location("zoneview.php?zone_id=" . $zone_id);
break;
}
}
}
// still not redirected, check for error
if(empty($comments)) {
$comments = "error";
}
// redirect
header_location("comments.php?comments=" . $comments);
?>