<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
// Method gate: the handlers further down modify the database, so any request
// that is not a POST is sent to the comments page and the script stops here.
// NOTE(review): $comments is not assigned anywhere above this point in the
// visible part of the file; presumably includes.php provides it. Confirm.
if (!($_SERVER['REQUEST_METHOD'] == "POST")) {
    header_location("comments.php?comments=" . $comments);
    exit;
}
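// Redirect dispatcher.
//
// A selector form posts `redirect` (which selector it is) together with
// `action` (which button was pressed). The request is forwarded to the
// matching add/delete page with the chosen id(s) in the query string.
//
// Every value placed in the URL comes from the client. It is passed through
// sanitize() (defined outside this section) and then percent-encoded with
// rawurlencode(), so characters such as '&', '#' or line breaks cannot add
// query parameters or reach the Location header, whatever sanitize() lets
// through. The target file names are fixed strings, never request data.
//
// `$_POST['action'] ?? ''` keeps a request without `action` from raising an
// undefined-key warning; the empty string matches none of the cases.
if (isset($_POST['redirect'])) {
    switch ($_POST['redirect']) {

        case "assigniptonode":
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $query = "?subnet_id=" . rawurlencode((string) $subnet_id)
                   . "&node_ip=" . rawurlencode((string) $node_ip);

            switch ($_POST['action'] ?? '') {
                case "assignnodetoasset":
                    header_location("assignnodetoasset.php" . $query);
                    break;
                case "nodeadd":
                    header_location("nodeadd.php" . $query);
                    break;
            }
            break;

        case "locationsubnet":
            $location_id = sanitize($_POST['location_id']);
            $query = "?location_id=" . rawurlencode((string) $location_id);

            switch ($_POST['action'] ?? '') {
                case "locationsubnetadd":
                    header_location("locationsubnetadd.php" . $query);
                    break;
                case "locationsubnetdel":
                    header_location("locationsubnetdel.php" . $query);
                    break;
            }
            break;

        case "nat":
            $node_id = sanitize($_POST['node_id']);
            $query = "?node_id=" . rawurlencode((string) $node_id);

            switch ($_POST['action'] ?? '') {
                case "natadd":
                    header_location("natadd.php" . $query);
                    break;
                case "natdel":
                    header_location("natdel.php" . $query);
                    break;
            }
            break;

        case "subnetlocation":
            $subnet_id = sanitize($_POST['subnet_id']);
            $query = "?subnet_id=" . rawurlencode((string) $subnet_id);

            switch ($_POST['action'] ?? '') {
                case "subnetlocationadd":
                    header_location("subnetlocationadd.php" . $query);
                    break;
                case "subnetlocationdel":
                    header_location("subnetlocationdel.php" . $query);
                    break;
            }
            break;

        case "subnetvlan":
            $subnet_id = sanitize($_POST['subnet_id']);
            $query = "?subnet_id=" . rawurlencode((string) $subnet_id);

            switch ($_POST['action'] ?? '') {
                case "subnetvlanadd":
                    header_location("subnetvlanadd.php" . $query);
                    break;
                case "subnetvlandel":
                    header_location("subnetvlandel.php" . $query);
                    break;
            }
            break;

        case "vlansubnet":
            $vlan_id = sanitize($_POST['vlan_id']);
            $query = "?vlan_id=" . rawurlencode((string) $vlan_id);

            switch ($_POST['action'] ?? '') {
                case "vlansubnetadd":
                    header_location("vlansubnetadd.php" . $query);
                    break;
                case "vlansubnetdel":
                    header_location("vlansubnetdel.php" . $query);
                    break;
            }
            break;
    }
}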
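// "add" dispatcher: `$_POST['add']` names the record type to create. Each
// case reads its form fields, inserts through a prepared statement on $dbh
// (values are bound, never concatenated into SQL) and redirects to the view
// page of the affected record.
//
// NOTE(review): nothing in this section verifies a CSRF token or the
// caller's permission to create records; presumably includes.php enforces
// the login. Confirm, because every case here is state-changing.
// NOTE(review): sanitize() is defined outside this section. Binding already
// protects the SQL; what sanitize() does for later HTML output is not
// visible here, so the view pages still need to escape on output.
if (isset($_POST['add'])) {
    switch ($_POST['add']) {

        case "asset":
            $name = sanitize($_POST['asset_name']);
            $hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $info = sanitize($_POST['asset_info']);
            $intf = sanitize($_POST['asset_intf']);
            $asset_type = sanitize($_POST['asset_type']);

            $sql = "INSERT INTO asset
                        (asset_name, asset_hostname, assetclass_id, asset_info,
                         asset_intf, asset_type)
                    VALUE
                        (?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $hostname, $assetclass_id, $info, $intf, $asset_type]);

            header_location("assetview.php?asset_id=" . $dbh->lastInsertId());
            break;

        case "assetclass":
            $assetclass_name = sanitize($_POST['assetclass_name']);
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);

            $sql = "INSERT INTO assetclass
                        (assetclass_name, assetclassgroup_id)
                    VALUE
                        (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$assetclass_name, $assetclassgroup_id]);

            header_location("assetclassview.php?assetclass_id=" . $dbh->lastInsertId());
            break;

        case "assetclassgroup":
            $name = sanitize($_POST['acg_name']);
            // Keep only [A-Z0-9] of the upper-cased colour value.
            $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
            $desc = sanitize($_POST['acg_description']);

            $sql = "INSERT INTO assetclassgroup
                        (assetclassgroup_name, assetclassgroup_color, assetclassgroup_description)
                    VALUE
                        (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $color, $desc]);

            header_location("assetclassgroupview.php?assetclassgroup_id=" . $dbh->lastInsertId());
            break;

        case "assignnodetoasset":
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $asset_id = sanitize($_POST['asset_id']);
            $node_mac = strip_mac(sanitize($_POST['node_mac']));

            // Append the configured DNS suffix only when a name was entered
            // and the suffix checkbox was sent.
            // NOTE(review): the checkbox is read as `node_dns1suffix` here but
            // as `dns1suffix` in the "node" case below; check both forms.
            $node_dns1 = sanitize($_POST['node_dns1']);
            if (!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix'])) {
                $node_dns1 .= $config_dns1suffix;
            }
            $node_dns2 = sanitize($_POST['node_dns2']);
            if (!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) {
                $node_dns2 .= $config_dns2suffix;
            }

            // node_info was the one field stored raw in this case; it is now
            // sanitized like in the "node" case, so free text does not reach
            // the table unfiltered.
            $node_info = sanitize($_POST['node_info']);

            $sql = "INSERT INTO node (
                        node_ip,
                        node_mac,
                        node_dns1,
                        node_dns2,
                        subnet_id,
                        asset_id,
                        node_info)
                    VALUE
                        (?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$node_ip, $node_mac, $node_dns1, $node_dns2,
                           $subnet_id, $asset_id, $node_info]);

            header_location("nodeview.php?node_id=" . $dbh->lastInsertId());
            break;

        case "assignlocationtosubnet":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);

            $sql = "INSERT INTO subnetlocation (location_id, subnet_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_id, $subnet_id]);

            // The original call passed "Location: location.php?location_id="
            // plus lastInsertId(): a header name inside the URL argument
            // (every other call passes a bare URL) and the id of the new
            // subnetlocation row instead of a location id. Redirect the same
            // way the "locationsubnet" case does for the same insert.
            header_location("locationview.php?location_id=" . rawurlencode((string) $location_id));
            break;

        case "assignsubnettovlan":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);

            $sql = "UPDATE subnet SET vlan_id=? WHERE subnet_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_id, $subnet_id]);

            header_location("subnetview.php?subnet_id=" . rawurlencode((string) $subnet_id));
            break;

        case "location":
            $name = sanitize($_POST['location_name']);
            $parent = sanitize($_POST['location_parent']);
            $info = sanitize($_POST['location_info']);

            $sql = "INSERT INTO location (
                        location_name, location_parent, location_info
                    )
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $parent, $info]);

            header_location("locationview.php?location_id=" . $dbh->lastInsertId());
            break;

        case "locationsubnet":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);

            $sql = "INSERT INTO subnetlocation (location_id, subnet_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_id, $subnet_id]);

            header_location("locationview.php?location_id=" . rawurlencode((string) $location_id));
            break;

        case "nat":
            $node_id_ext = sanitize($_POST['node_id_ext']);
            $node_id_int = sanitize($_POST['node_id_int']);
            $nat_type = sanitize($_POST['nat_type']);

            $sql = "INSERT INTO nat (nat_ext, nat_int, nat_type)
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$node_id_ext, $node_id_int, $nat_type]);

            header_location("nodeview.php?node_id=" . rawurlencode((string) $node_id_ext));
            break;

        case "node":
            $asset_name = sanitize($_POST['asset_name']);
            $asset_hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $ip = sanitize($_POST['node_ip']);
            $mac = strip_mac(sanitize($_POST['node_mac']));

            // Same suffix rule as in "assignnodetoasset" (see the note there
            // about the differing checkbox names).
            $dns1 = sanitize($_POST['node_dns1']);
            if (!empty($_POST['node_dns1']) && isset($_POST['dns1suffix'])) {
                $dns1 .= $config_dns1suffix;
            }
            $dns2 = sanitize($_POST['node_dns2']);
            if (!empty($_POST['node_dns2']) && isset($_POST['dns2suffix'])) {
                $dns2 .= $config_dns2suffix;
            }

            $node_info = sanitize($_POST['node_info']);
            // subnet_id was taken from the request unfiltered here while
            // every other case sanitizes it; treat it the same way.
            $subnet_id = sanitize($_POST['subnet_id']);

            // The asset row is created first; its id links the node to it.
            $sql = "INSERT INTO asset (asset_name, asset_hostname, assetclass_id)
                       VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$asset_name, $asset_hostname, $assetclass_id]);
            $asset_id = $dbh->lastInsertId();

            $sql = "INSERT INTO node (
                        node_ip, node_mac, node_dns1, node_dns2, node_info,
                        subnet_id, asset_id
                    )
                    VALUE (?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$ip, $mac, $dns1, $dns2, $node_info, $subnet_id, $asset_id]);

            header_location("nodeview.php?node_id=" . $dbh->lastInsertId());
            break;

        case "subnet":
            $subnet_address = sanitize($_POST['subnet_address']);
            $subnet_mask = sanitize($_POST['subnet_mask']);
            $subnet_info = sanitize($_POST['subnet_info']);

            $sql = "INSERT INTO subnet (subnet_address, subnet_mask, subnet_info)
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_address, $subnet_mask, $subnet_info]);

            header_location("subnetview.php?subnet_id=" . $dbh->lastInsertId());
            break;

        case "subnetlocation":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);

            $sql = "INSERT INTO subnetlocation (location_id, subnet_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_id, $subnet_id]);

            header_location("subnetview.php?subnet_id=" . rawurlencode((string) $subnet_id));
            break;

        case "subnetvlan":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);

            $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_id, $vlan_id]);

            header_location("subnetview.php?subnet_id=" . rawurlencode((string) $subnet_id));
            break;

        case "user":
            $user_name = strtolower(sanitize($_POST['user_name']));
            $user_displayname = sanitize($_POST['user_displayname']);
            // NOTE(review): unsalted MD5 is not a password hash. Moving to
            // password_hash()/password_verify() needs a matching change in
            // the login code and a migration of stored values, neither of
            // which is in this section, so the call is flagged and left as
            // is. sanitize() also runs on the password before hashing, so
            // whatever it strips or rewrites never reaches the hash.
            $user_password = md5(sanitize($_POST['user_password']));

            // Refuse duplicate user names.
            // NOTE(review): check-then-insert can still race between two
            // requests; a UNIQUE index on user_name would close that gap.
            // Whether the schema has one is not visible here.
            $sth = $dbh->prepare("SELECT COUNT(*) FROM user WHERE user_name=?");
            $sth->execute([$user_name]);

            if ($sth->fetchColumn() == 0) {
                $sql = "INSERT INTO user (user_name, user_displayname, user_pass)
                        VALUE (?, ?, ?)";
                $sth = $dbh->prepare($sql);
                $sth->execute([$user_name, $user_displayname, $user_password]);

                header_location("userview.php?user_id=" . $dbh->lastInsertId());
            } else {
                // Picked up later as the message code for the comments page.
                $comments = "usernameinuse";
            }
            break;

        case "vlan":
            $vlan_name = sanitize($_POST['vlan_name']);
            $vlan_number = sanitize($_POST['vlan_number']);
            $vlan_info = sanitize($_POST['vlan_info']);
            $vlan_color = sanitize($_POST['vlan_color']);

            $sql = "INSERT INTO vlan (vlan_name, vlan_number, vlan_color, vlan_info)
                    VALUE (?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info]);

            header_location("vlanview.php?vlan_id=" . $dbh->lastInsertId());
            break;

        case "vlansubnet":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);

            $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_id, $vlan_id]);

            header_location("vlanview.php?vlan_id=" . rawurlencode((string) $vlan_id));
            break;

        case "zone":
            $zone_origin = sanitize($_POST['zone_origin']);
            $zone_ttl_default = sanitize($_POST['zone_ttl_default']);
            $zone_soa = sanitize($_POST['zone_soa']);
            $zone_hostmaster = sanitize($_POST['zone_hostmaster']);
            $zone_refresh = sanitize($_POST['zone_refresh']);
            $zone_retry = sanitize($_POST['zone_retry']);
            $zone_expire = sanitize($_POST['zone_expire']);
            $zone_ttl = sanitize($_POST['zone_ttl']);
            $zone_serial = sanitize($_POST['zone_serial']);
            $zone_ns1 = sanitize($_POST['zone_ns1']);
            $zone_ns2 = sanitize($_POST['zone_ns2']);
            $zone_ns3 = sanitize($_POST['zone_ns3']);
            $zone_mx1 = sanitize($_POST['zone_mx1']);
            $zone_mx2 = sanitize($_POST['zone_mx2']);
            $zone_info = sanitize($_POST['zone_info']);

            $sql = "INSERT INTO zone (
                        zone_origin, zone_ttl_default, zone_soa, zone_hostmaster,
                        zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
                        zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info)
                    VALUE (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$zone_origin, $zone_ttl_default, $zone_soa, $zone_hostmaster,
                           $zone_refresh, $zone_retry, $zone_expire, $zone_ttl, $zone_serial,
                           $zone_ns1, $zone_ns2, $zone_ns3, $zone_mx1, $zone_mx2, $zone_info]);

            header_location("zoneview.php?zone_id=" . $dbh->lastInsertId());
            break;
    }
}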
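// "del" dispatcher: `$_POST['del']` names the record type to delete. Each
// case reads the id(s) from the form, deletes through a prepared statement
// on $dbh and redirects to the list page or to the parent record's view.
//
// NOTE(review): these deletes are irreversible and include user accounts.
// Nothing in this section verifies a CSRF token or the caller's permission
// to delete; presumably includes.php enforces the login. Confirm.
// NOTE(review): "asset" and "subnet" run two DELETE statements without a
// transaction, so a failure between them leaves the child node rows behind.
if (isset($_POST['del'])) {
    switch ($_POST['del']) {

        case "asset":
            $asset_id = sanitize($_POST['asset_id']);

            $sth = $dbh->prepare("DELETE FROM asset WHERE asset_id=?");
            $sth->execute([$asset_id]);

            // Nodes that belong to the asset go with it.
            $sth = $dbh->prepare("DELETE FROM node WHERE asset_id=?");
            $sth->execute([$asset_id]);

            header_location("asset.php");
            break;

        case "assetclass":
            $assetclass_id = sanitize($_POST['assetclass_id']);

            $sth = $dbh->prepare("DELETE FROM assetclass WHERE assetclass_id=?");
            $sth->execute([$assetclass_id]);

            header_location("assetclass.php");
            break;

        case "assetclassgroup":
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);

            $sth = $dbh->prepare("DELETE FROM assetclassgroup WHERE assetclassgroup_id=?");
            $sth->execute([$assetclassgroup_id]);

            header_location("assetclassgroup.php");
            break;

        case "location":
            $location_id = sanitize($_POST['location_id']);

            $sth = $dbh->prepare("DELETE FROM location WHERE location_id=?");
            $sth->execute([$location_id]);

            header_location("location.php");
            break;

        case "locationsubnet":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);

            $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
            $sth->execute([$location_id, $subnet_id]);

            header_location("locationview.php?location_id=" . rawurlencode((string) $location_id));
            break;

        case "nat":
            $nat_id = sanitize($_POST['nat_id']);
            $node_id_ext = sanitize($_POST['node_id_ext']);

            $sth = $dbh->prepare("DELETE FROM nat WHERE nat_id=?");
            $sth->execute([$nat_id]);

            header_location("nodeview.php?node_id=" . rawurlencode((string) $node_id_ext));
            break;

        case "node":
            $node_id = sanitize($_POST['node_id']);

            // The original redirected with $asset_id although this case never
            // assigned it, so the target was "assetview.php?asset_id=" with an
            // empty id (plus an undefined-variable warning). Read the owning
            // asset from the node row before that row is deleted.
            $sth = $dbh->prepare("SELECT asset_id FROM node WHERE node_id=?");
            $sth->execute([$node_id]);
            $asset_id = $sth->fetchColumn();

            $sth = $dbh->prepare("DELETE FROM node WHERE node_id=?");
            $sth->execute([$node_id]);

            if ($asset_id === false || $asset_id === null) {
                // Unknown node, or a node without an asset: use the asset list.
                header_location("asset.php");
            } else {
                header_location("assetview.php?asset_id=" . $asset_id);
            }
            break;

        case "subnet":
            $subnet_id = sanitize($_POST['subnet_id']);

            $sth = $dbh->prepare("DELETE FROM subnet WHERE subnet_id=?");
            $sth->execute([$subnet_id]);

            // Nodes inside the subnet go with it.
            $sth = $dbh->prepare("DELETE FROM node WHERE subnet_id=?");
            $sth->execute([$subnet_id]);

            header_location("subnet.php");
            break;

        case "subnetlocation":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);

            $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
            $sth->execute([$location_id, $subnet_id]);

            header_location("subnetview.php?subnet_id=" . rawurlencode((string) $subnet_id));
            break;

        case "subnetvlan":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);

            $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
            $sth->execute([$subnet_id, $vlan_id]);

            header_location("subnetview.php?subnet_id=" . rawurlencode((string) $subnet_id));
            break;

        case "user":
            $user_id = sanitize($_POST['user_id']);

            // NOTE(review): no check here that the caller may delete this
            // account, or that it is not the last remaining or current user.
            $sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
            $sth->execute([$user_id]);

            header_location("user.php");
            break;

        case "vlan":
            $vlan_id = sanitize($_POST['vlan_id']);

            $sth = $dbh->prepare("DELETE FROM vlan WHERE vlan_id=?");
            $sth->execute([$vlan_id]);

            header_location("vlan.php");
            break;

        case "vlansubnet":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);

            $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
            $sth->execute([$subnet_id, $vlan_id]);

            header_location("vlanview.php?vlan_id=" . rawurlencode((string) $vlan_id));
            break;

        case "zone":
            $zone_id = sanitize($_POST['zone_id']);

            $sth = $dbh->prepare("DELETE FROM zone WHERE zone_id=?");
            $sth->execute([$zone_id]);

            header_location("zone.php");
            break;
    }
}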
if (isset($_POST['edit'])) {
 | 
						|
    switch ($_POST['edit']) {
 | 
						|
 | 
						|
        case ("asset") :
 | 
						|
            $asset_id = sanitize($_POST['asset_id']);
 | 
						|
            $asset_name = sanitize($_POST['asset_name']);
 | 
						|
            $asset_info = sanitize($_POST['asset_info']);
 | 
						|
            $asset_intf = sanitize($_POST['asset_intf']);
 | 
						|
            $asset_hostname = sanitize($_POST['asset_hostname']);
 | 
						|
            $assetclass_id = sanitize($_POST['assetclass_id']);
 | 
						|
            $asset_type = sanitize($_POST['asset_type']);
 | 
						|
 | 
						|
            $sql = "UPDATE asset SET
 | 
						|
                        asset_name=?, asset_info=?, asset_hostname=?,
 | 
						|
                        assetclass_id=?, asset_intf=?, asset_type=?
 | 
						|
                    WHERE asset_id=?";
 | 
						|
            $sth = $dbh->prepare($sql);
 | 
						|
            $sth->execute([$asset_name, $asset_info, $asset_hostname, 
 | 
						|
                           $assetclass_id, $asset_intf, $asset_type,
 | 
						|
                           $asset_id]);
 | 
						|
 | 
						|
            header_location("assetview.php?asset_id=" . $asset_id);
 | 
						|
 | 
						|
        case ("assetclass") :
 | 
						|
            $assetclass_id = sanitize($_POST['assetclass_id']);
 | 
						|
            $assetclass_name = sanitize($_POST['assetclass_name']);
 | 
						|
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
 | 
						|
 | 
						|
            $sql = "UPDATE assetclass SET
 | 
						|
                        assetclass_name=?, assetclassgroup_id=?
 | 
						|
                    WHERE assetclass_id=?";
 | 
						|
            $sth = $dbh->prepare($sql);
 | 
						|
            $sth->execute([$assetclass_name, $assetclassgroup_id, $assetclass_id]);
 | 
						|
 | 
						|
            header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
 | 
						|
            break;
 | 
						|
 | 
						|
        case ("assetclassgroup") :
 | 
						|
            $acg_id = sanitize($_POST['acg_id']);
 | 
						|
            $acg_name = sanitize($_POST['acg_name']);
 | 
						|
            $acg_desc = sanitize($_POST['acg_description']);
 | 
						|
            $acg_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
 | 
						|
 | 
						|
            $sql = "UPDATE assetclassgroup SET
 | 
						|
                        assetclassgroup_name=?, assetclassgroup_color=?, assetclassgroup_description=?
 | 
						|
                    WHERE assetclassgroup_id=?";
 | 
						|
            $sth = $dbh->prepare($sql);
 | 
						|
            $sth->execute([$acg_name, $acg_color, $acg_desc, $acg_id]);
 | 
						|
 | 
						|
            header_location("assetclassgroupview.php?assetclassgroup_id=" . $acg_id);
 | 
						|
            break;
 | 
						|
 | 
						|
        case ("location") :
 | 
						|
            $location_id = sanitize($_POST['location_id']);
 | 
						|
            $location_name = sanitize($_POST['location_name']);
 | 
						|
            $location_info = sanitize($_POST['location_info']);
 | 
						|
            $parentlocation_id = sanitize($_POST['parentlocation_id']);
 | 
						|
 | 
						|
            $sql = "UPDATE location SET
 | 
						|
                        location_name=?, location_parent=?, location_info=?
 | 
						|
                WHERE location_id=?";
 | 
						|
            $sth = $dbh->prepare($sql);
 | 
						|
            $sth->execute([$location_name, $parentlocation_id, $location_info, $location_id]);
 | 
						|
 | 
						|
            header_location("locationview.php?location_id=" . $location_id);
 | 
						|
            break;
 | 
						|
 | 
						|
        case ("node") :
 | 
						|
            $node_id = sanitize($_POST['node_id']);
 | 
						|
            $asset_id = sanitize($_POST['asset_id']);
 | 
						|
            $node_ip = sanitize($_POST['node_ip']);
 | 
						|
            $subnet_id = sanitize($_POST['subnet_id']);
 | 
						|
            $node_mac = strip_mac(sanitize($_POST['node_mac']));
 | 
						|
            $node_dns1 = sanitize($_POST['node_dns1']);
 | 
						|
            $node_dns2 = sanitize($_POST['node_dns2']);
 | 
						|
            $node_info = sanitize($_POST['node_info']);
 | 
						|
            $zone_id = sanitize($_POST['zone_id']);
 | 
						|
 | 
						|
            $sql = "UPDATE node SET
 | 
						|
                        asset_id=?, node_ip=?, subnet_id=?, node_mac=?,
 | 
						|
                        node_dns1=?, node_dns2=?, node_info=?, zone_id=?
 | 
						|
                    WHERE node_id=?";
 | 
						|
            $sth = $dbh->prepare($sql);
 | 
						|
            $sth->execute([$asset_id, $node_ip, $subnet_id, $node_mac, 
 | 
						|
                           $node_dns1, $node_dns2, $node_info, $zone_id,
 | 
						|
                           $node_id]);
 | 
						|
 | 
						|
            header_location("nodeview.php?node_id=" . $node_id);
 | 
						|
            break;
 | 
						|
 | 
						|
        case ("optionsdisplay") :
            // Store the display preferences of the logged-in user. The row to
            // update is chosen by the session user id, not by a request field.
            $id = $_SESSION['suser_id'];

            // NOTE(review): user_language is the only field in this case that
            // is not passed through sanitize(); it is bound safely in the SQL
            // below but also copied into the session unchanged. If a consumer
            // outside this view uses the session value to select a language
            // file, it should be checked against the installed languages there
            // or here; confirm against that consumer.
            $language = $_POST['user_language'];
            $imagesize = sanitize($_POST['user_imagesize']);
            $imagecount = sanitize($_POST['user_imagecount']);
            $mac = sanitize($_POST['user_mac']);
            $dateformat = sanitize($_POST['user_dateformat']);
            $dns1suffix = sanitize($_POST['user_dns1suffix']);
            $dns2suffix = sanitize($_POST['user_dns2suffix']);
            $tooltips = sanitize($_POST['user_tooltips']);

            // One flag per menu entry.
            $menu_assets = sanitize($_POST['user_menu_assets']);
            $menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
            $menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
            $menu_cables = sanitize($_POST['user_menu_cables']);
            $menu_locations = sanitize($_POST['user_menu_locations']);
            $menu_nodes = sanitize($_POST['user_menu_nodes']);
            $menu_subnets = sanitize($_POST['user_menu_subnets']);
            $menu_vlans = sanitize($_POST['user_menu_vlans']);
            $menu_zones = sanitize($_POST['user_menu_zones']);

            // Menu set: keep the name of every entry whose flag is truthy, in
            // this fixed order; it is stored as a comma-separated string.
            $menu = array_keys(array_filter([
                'asset' => $menu_assets,
                'class' => $menu_assetclasses,
                'group' => $menu_assetclassgroups,
                'cable' => $menu_cables,
                'location' => $menu_locations,
                'node' => $menu_nodes,
                'subnet' => $menu_subnets,
                'vlan' => $menu_vlans,
                'zone' => $menu_zones,
            ]));

            $sql = "UPDATE user SET
                    user_language=?, user_imagesize=?, user_imagecount=?,
                    user_mac=?, user_dateformat=?, user_dns1suffix=?,
                    user_dns2suffix=?, user_tooltips=?, user_menu=?
                WHERE
                    user_id=?";
            $sth = $dbh->prepare($sql);
            // Same order as the placeholders; the session user id comes last.
            $sth->execute([
                $language,
                $imagesize,
                $imagecount,
                $mac,
                $dateformat,
                $dns1suffix,
                $dns2suffix,
                $tooltips,
                implode(',', $menu),
                $id,
            ]);

            // Mirror the saved preferences into the running session.
            $session_values = [
                'suser_language' => $language,
                'suser_imagesize' => $imagesize,
                'suser_imagecount' => $imagecount,
                'suser_mac' => $mac,
                'suser_dateformat' => $dateformat,
                'suser_dns1suffix' => $dns1suffix,
                'suser_dns2suffix' => $dns2suffix,
                'suser_menu_assets' => $menu_assets,
                'suser_menu_assetclasses' => $menu_assetclasses,
                'suser_menu_assetclassgroups' => $menu_assetclassgroups,
                'suser_menu_cables' => $menu_cables,
                'suser_menu_locations' => $menu_locations,
                'suser_menu_nodes' => $menu_nodes,
                'suser_menu_subnets' => $menu_subnets,
                'suser_menu_vlans' => $menu_vlans,
                'suser_menu_zones' => $menu_zones,
                'suser_tooltips' => $tooltips,
            ];
            foreach ($session_values as $session_key => $session_value) {
                $_SESSION[$session_key] = $session_value;
            }

            header_location("options.php");
            break;
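        case ("optionspassword") :
            // Change the password of the logged-in user. The account is taken
            // from the session, so a request cannot name another user here.
            $user_id = $_SESSION['suser_id'];

            // NOTE(review): the passwords pass through sanitize() (defined
            // outside this view) before verification and hashing. If that
            // helper rewrites characters, the stored hash belongs to the
            // rewritten string; keep this in step with the login code before
            // changing it.
            $currentpass = sanitize($_POST['user_currentpass']);
            $newpass1 = sanitize($_POST['user_newpass1']);
            $newpass2 = sanitize($_POST['user_newpass2']);

            $sth = $dbh->prepare("SELECT user_pass FROM user WHERE user_id=?");
            $sth->execute([$user_id]);

            // fetchColumn() yields false when no row matches the session id.
            $userpass = $sth->fetchColumn();

            // The new password must be a non-empty string entered identically
            // twice. Without the emptiness check, two blank fields compare equal
            // and an empty password would be hashed and stored.
            $newpass_ok = is_string($newpass1)
                && $newpass1 !== ''
                && $newpass1 === $newpass2;

            // Only a caller who proves knowledge of the current password may
            // replace it.
            if ($newpass_ok
                && is_string($currentpass)
                && is_string($userpass)
                && password_verify($currentpass, $userpass)) {
                // bcrypt only uses the first 72 bytes of the password.
                $newhash = password_hash($newpass1, PASSWORD_BCRYPT);
                $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
                $sth->execute([$newhash, $user_id]);
                header_location("options.php");
            }
            // TODO generate errormessages here
            break;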
        case ("subnet") :
            // Update one subnet row from the posted form; all values are bound
            // as statement parameters.
            // NOTE(review): address, mask and DHCP range are not checked for
            // format or consistency in this case; sanitize() is defined outside
            // this view, so confirm where that validation happens.
            $subnet_id = sanitize($_POST['subnet_id']);
            $subnet_address = sanitize($_POST['subnet_address']);
            $subnet_proto_vers = sanitize($_POST['subnet_proto_vers']);
            $subnet_mask = sanitize($_POST['subnet_mask']);
            $subnet_dhcpstart = sanitize($_POST['subnet_dhcpstart']);
            $subnet_dhcpend = sanitize($_POST['subnet_dhcpend']);
            $subnet_ntp_server = sanitize($_POST['subnet_ntp_server']);
            $subnet_info = sanitize($_POST['subnet_info']);

            $sql = "UPDATE subnet SET
                        subnet_address=?, subnet_mask=?, subnet_dhcp_start=?,
                        subnet_dhcp_end=?, subnet_info=?, protocol_version=?,
                        ntp_server=?
                    WHERE subnet_id=?";

            // Same order as the placeholders; subnet_id fills the WHERE clause.
            $values = [
                $subnet_address,
                $subnet_mask,
                $subnet_dhcpstart,
                $subnet_dhcpend,
                $subnet_info,
                $subnet_proto_vers,
                $subnet_ntp_server,
                $subnet_id,
            ];
            $sth = $dbh->prepare($sql);
            $sth->execute($values);

            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;
        case ("user") :
            // Update the name, display name, realm and role set of the user
            // whose id was posted.
            // NOTE(review): this case rewrites user_role for a user_id taken
            // from the request, and no permission check or anti-CSRF token is
            // visible in this part of the file. Confirm that includes.php or an
            // earlier guard limits it to accounts allowed to administer users.
            $user_id = sanitize($_POST['user_id']);
            $user_name = sanitize($_POST['user_name']);
            $user_displayname = sanitize($_POST['user_displayname']);
            $user_realm = sanitize($_POST['user_realm']);

            // One flag per role.
            $role_add = sanitize($_POST['role_add']);
            $role_edit = sanitize($_POST['role_edit']);
            $role_delete = sanitize($_POST['role_delete']);
            $role_manage = sanitize($_POST['role_manage']);
            $role_admin = sanitize($_POST['role_admin']);

            // Role set: keep the name of every role whose flag is truthy, in
            // this fixed order; it is stored as a comma-separated string.
            $role = array_keys(array_filter([
                'add' => $role_add,
                'edit' => $role_edit,
                'delete' => $role_delete,
                'manage' => $role_manage,
                'admin' => $role_admin,
            ]));

            $sql = "UPDATE user SET
                        user_name=?, user_displayname=?, user_realm=?,
                        user_role=?
                    WHERE user_id=?";

            // Same order as the placeholders; user_id fills the WHERE clause.
            $values = [
                $user_name,
                $user_displayname,
                $user_realm,
                implode(',', $role),
                $user_id,
            ];
            $sth = $dbh->prepare($sql);
            $sth->execute($values);

            header_location("userview.php?user_id=" . $user_id);
            break;
        case ("vlan") :
            // Update one VLAN row from the posted form; all values are bound as
            // statement parameters.
            $vlan_id = sanitize($_POST['vlan_id']);
            $vlan_name = sanitize($_POST['vlan_name']);
            $vlan_number = sanitize($_POST['vlan_number']);
            $vlan_info = sanitize($_POST['vlan_info']);
            $vlan_color = sanitize($_POST['vlan_color']);

            $sql = "UPDATE vlan SET vlan_name=?, vlan_number=?, vlan_color=?, vlan_info=? WHERE vlan_id=?";

            // Same order as the placeholders: color is bound before info.
            $values = [
                $vlan_name,
                $vlan_number,
                $vlan_color,
                $vlan_info,
                $vlan_id,
            ];
            $sth = $dbh->prepare($sql);
            $sth->execute($values);

            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;
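        case ("zone") :
            // Update one DNS zone row from the posted form; all values are
            // bound as statement parameters.
            // NOTE(review): the numeric SOA fields (refresh, retry, expire, ttl,
            // serial) are not range-checked in this case; sanitize() is defined
            // outside this view, so confirm where that validation happens.
            $id = sanitize($_POST['zone_id']);
            $origin = sanitize($_POST['zone_origin']);
            $ttl_default = sanitize($_POST['zone_ttl_default']);
            $soa = sanitize($_POST['zone_soa']);
            $hostmaster = sanitize($_POST['zone_hostmaster']);
            $refresh = sanitize($_POST['zone_refresh']);
            $retry = sanitize($_POST['zone_retry']);
            $expire = sanitize($_POST['zone_expire']);
            $ttl = sanitize($_POST['zone_ttl']);
            $serial = sanitize($_POST['zone_serial']);
            $ns1 = sanitize($_POST['zone_ns1']);
            $ns2 = sanitize($_POST['zone_ns2']);
            $ns3 = sanitize($_POST['zone_ns3']);
            $mx1 = sanitize($_POST['zone_mx1']);
            $mx2 = sanitize($_POST['zone_mx2']);
            $info = sanitize($_POST['zone_info']);
            $sql = "UPDATE zone SET
                        zone_origin=?, zone_ttl_default=?, zone_soa=?, zone_hostmaster=?,
                        zone_refresh=?, zone_retry=?, zone_expire=?, zone_ttl=?, zone_serial=?,
                        zone_ns1=?, zone_ns2=?, zone_ns3=?, zone_mx1=?, zone_mx2=?, zone_info=?
                    WHERE zone_id=?";
            $sth = $dbh->prepare($sql);
            // Same order as the placeholders; the zone id fills the WHERE clause.
            $sth->execute([$origin, $ttl_default, $soa, $hostmaster, $refresh, $retry,
                           $expire, $ttl, $serial, $ns1, $ns2, $ns3, $mx1, $mx2, $info,
                           $id]);

            // Redirect with $id: this case never assigns $zone_id, so the
            // previous code built the URL from an undefined variable and sent
            // the browser to zoneview.php without a zone id.
            header_location("zoneview.php?zone_id=" . $id);
            break;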
    }
}
// Reached when nothing above has redirected: fall back to a generic error code
// unless $comments already holds one.
// NOTE(review): $comments is appended to the URL without urlencode(); it is not
// assigned anywhere in this part of the file, so confirm its origin.
$comments = empty($comments) ? "error" : $comments;
header_location("comments.php?comments=" . $comments);
?>