<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if ($_SERVER['REQUEST_METHOD'] != "POST") {
header_location("comments.php?comments=" . $comments);
exit;
}
if (isset($_POST['redirect'])) {
switch ($_POST['redirect']) {
case ("assigniptonode") :
$node_ip = sanitize($_POST['node_ip']);
$subnet_id = sanitize($_POST['subnet_id']);
switch ($_POST['action']) {
case ("assignnodetoasset") :
header_location("assignnodetoasset.php?subnet_id=" . $subnet_id . "& node_ip=" . $node_ip);
break;
case ("nodeadd") :
header_location("nodeadd.php?subnet_id=" . $subnet_id . "& node_ip=" . $node_ip);
break;
}
break;
case ("locationsubnet") :
$location_id = sanitize($_POST['location_id']);
switch ($_POST['action']) {
case ("locationsubnetadd") :
header_location("locationsubnetadd.php?location_id=" . $location_id);
break;
case ("locationsubnetdel") :
header_location("locationsubnetdel.php?location_id=" . $location_id);
break;
}
break;
case ("nat") :
$node_id = sanitize($_POST['node_id']);
switch ($_POST['action']) {
case ("natadd") :
header_location("natadd.php?node_id=" . $node_id);
break;
case ("natdel") :
header_location("natdel.php?node_id=" . $node_id);
break;
}
break;
case ("subnetlocation") :
$subnet_id = sanitize($_POST['subnet_id']);
switch ($_POST['action']) {
case ("subnetlocationadd") :
header_location("subnetlocationadd.php?subnet_id=" . $subnet_id);
break;
case ("subnetlocationdel") :
header_location("subnetlocationdel.php?subnet_id=" . $subnet_id);
break;
}
break;
case ("subnetvlan") :
$subnet_id = sanitize($_POST['subnet_id']);
switch ($_POST['action']) {
case ("subnetvlanadd") :
header_location("subnetvlanadd.php?subnet_id=" . $subnet_id);
break;
case ("subnetvlandel") :
header_location("subnetvlandel.php?subnet_id=" . $subnet_id);
break;
}
break;
case ("vlansubnet") :
$vlan_id = sanitize($_POST['vlan_id']);
switch ($_POST['action']) {
case ("vlansubnetadd") :
header_location("vlansubnetadd.php?vlan_id=" . $vlan_id);
break;
case ("vlansubnetdel") :
header_location("vlansubnetdel.php?vlan_id=" . $vlan_id);
break;
}
break;
}
}
if (isset($_POST['add'])) {
switch ($_POST['add']) {
case ("asset") :
$asset_name = sanitize($_POST['asset_name']);
$asset_hostname = sanitize($_POST['asset_hostname']);
$assetclass_id = sanitize($_POST['assetclass_id']);
$asset_info = sanitize($_POST['asset_info']);
$query = "INSERT
INTO
asset(
asset_name,
asset_hostname,
assetclass_id,
asset_info
)
VALUE
(
'$asset_name',
'$asset_hostname',
'$assetclass_id',
'$asset_info'
)";
$asset_id = $db->db_insert($query);
header_location("assetview.php?asset_id=" . $asset_id);
break;
case ("assetclass") :
$assetclass_name = sanitize($_POST['assetclass_name']);
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
$query = "INSERT
INTO
assetclass(
assetclass_name,
assetclassgroup_id
)
VALUE
(
'$assetclass_name',
'$assetclassgroup_id'
)";
$assetclass_id = $db->db_insert($query);
header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
break;
case ("assetclassgroup") :
$assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
$assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
$query = "INSERT
INTO
assetclassgroup(
assetclassgroup_name,
assetclassgroup_color
)
VALUE
(
'$assetclassgroup_name',
'$assetclassgroup_color'
)";
$assetclassgroup_id = $db->db_insert($query);
header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
break;
case ("assignnodetoasset") :
$node_ip = sanitize($_POST['node_ip']);
$subnet_id = sanitize($_POST['subnet_id']);
$asset_id = sanitize($_POST['asset_id']);
$node_mac = strip_mac(sanitize($_POST['node_mac']));
if ((!empty($_POST['node_dns1']) & & isset($_POST['node_dns1suffix'])) ? $node_dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $node_dns1 = sanitize($_POST['node_dns1']));
if ((!empty($_POST['node_dns2']) & & isset($_POST['node_dns2suffix'])) ? $node_dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $node_dns2 = sanitize($_POST['node_dns2']));
$node_info = $_POST['node_info'];
$query = "INSERT
INTO
node(
node_ip,
node_mac,
node_dns1,
node_dns2,
subnet_id,
asset_id,
node_info
)
VALUE
(
'$node_ip',
'$node_mac',
'$node_dns1',
'$node_dns2',
'$subnet_id',
'$asset_id',
'$node_info'
)";
$node_id = $db->db_insert($query);
header_location("nodeview.php?node_id=" . $node_id);
break;
case ("assignlocationtosubnet") :
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
$query = "INSERT
INTO
subnetlocation(
location_id,
subnet_id
)
VALUE
(
'$location_id',
'$subnet_id'
)";
$db->db_insert($query);
header_location("Location: location.php");
break;
case ("assignsubnettovlan") :
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
$query = "UPDATE
subnet
SET
vlan_id='$vlan_id'
WHERE
subnet_id='$subnet_id'";
$db->db_update($query);
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("location") :
$location_name = sanitize($_POST['location_name']);
$location_parent = sanitize($_POST['location_parent']);
$location_info = sanitize($_POST['location_info']);
$query = "INSERT
INTO
location(
location_name,
location_parent,
location_info
)
VALUE
(
'$location_name',
'$location_parent',
'$location_info'
)";
$location_id = $db->db_insert($query);
header_location("locationview.php?location_id=" . $location_id);
break;
case ("locationsubnet") :
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
$query = "INSERT
INTO
subnetlocation(
location_id,
subnet_id
)
VALUE
(
'$location_id',
'$subnet_id'
)";
$newid = $db->db_insert($query);
header_location("locationview.php?location_id=" . $location_id);
break;
case ("nat") :
$node_id_ext = sanitize($_POST['node_id_ext']);
$node_id_int = sanitize($_POST['node_id_int']);
$nat_type = sanitize($_POST['nat_type']);
$query = "INSERT
INTO
nat(
nat_ext,
nat_int,
nat_type
)
VALUE
(
'$node_id_ext',
'$node_id_int',
'$nat_type'
)";
$db->db_insert($query);
header_location("nodeview.php?node_id=" . $node_id_ext);
break;
case ("node") :
$asset_name = sanitize($_POST['asset_name']);
$asset_hostname = sanitize($_POST['asset_hostname']);
$assetclass_id = sanitize($_POST['assetclass_id']);
$ip = sanitize($_POST['node_ip']);
$mac = strip_mac(sanitize($_POST['node_mac']));
if ((!empty($_POST['node_dns1']) & & isset($_POST['dns1suffix'])) ? $dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $dns1 = sanitize($_POST['node_dns1']));
if ((!empty($_POST['node_dns2']) & & isset($_POST['dns2suffix'])) ? $dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $dns2 = sanitize($_POST['node_dns2']));
$node_info = sanitize($_POST['node_info']);
$subnet_id = $_POST['subnet_id'];
$query = "INSERT
INTO
asset(
asset_name,
asset_hostname,
assetclass_id
)
VALUE
(
'$asset_name',
'$asset_hostname',
'$assetclass_id'
)";
$asset_id = $db->db_insert($query);
$query = "INSERT
INTO
node(
node_ip,
node_mac,
node_dns1,
node_dns2,
node_info,
subnet_id,
asset_id
)
VALUE
(
'$ip',
'$mac',
'$dns1',
'$dns2',
'$node_info',
'$subnet_id',
'$asset_id'
)";
$node_id = $db->db_insert($query);
header_location("nodeview.php?node_id=" . $node_id);
break;
case ("subnet") :
$subnet_address= sanitize($_POST['subnet_address']);
$subnet_mask = sanitize($_POST['subnet_mask']);
$subnet_info = sanitize($_POST['subnet_info']);
$query = "INSERT
INTO
subnet(
subnet_address,
subnet_mask,
subnet_info
)
VALUE
(
'$subnet_address',
'$subnet_mask',
'$subnet_info'
)";
$subnet_id = $db->db_insert($query);
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("subnetlocation") :
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
$query = "INSERT
INTO
subnetlocation(
location_id,
subnet_id
)
VALUE
(
'$location_id',
'$subnet_id'
)";
$db->db_insert($query);
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("subnetvlan") :
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
$query = "INSERT
INTO
subnetvlan(
subnet_id,
vlan_id
)
VALUE
(
'$subnet_id',
'$vlan_id'
)";
$db->db_insert($query);
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
$user_name = strtolower(sanitize($_POST['user_name']));
$user_displayname = sanitize($_POST['user_displayname']);
$user_password = md5(sanitize($_POST['user_password']));
$query = "SELECT
user_name
FROM
user
WHERE
user_name='$user_name'";
$users = $db->db_select($query);
$user_counter = count($users);
if ($user_counter==0) {
$query = "INSERT
INTO
user(
user_name,
user_displayname,
user_pass
)
VALUE
(
'$user_name',
'$user_displayname',
'$user_password'
)";
$user_id = $db->db_insert($query);
header_location("userview.php?user_id=" . $user_id);
}
$comments = "usernameinuse";
break;
case ("vlan") :
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
$query = "INSERT
INTO
vlan(
vlan_name,
vlan_number,
vlan_info
)
VALUE
(
'$vlan_name',
'$vlan_number',
'$vlan_info'
)";
$vlan_id = $db->db_insert($query);
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("vlansubnet") :
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
$query = "INSERT
INTO
subnetvlan(
subnet_id,
vlan_id
)
VALUE
(
'$subnet_id',
'$vlan_id'
)";
$db->db_insert($query);
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("zone") :
$zone_origin = sanitize($_POST['zone_origin']);
$zone_ttl_default = sanitize($_POST['zone_ttl_default']);
$zone_soa = sanitize($_POST['zone_soa']);
$zone_hostmaster = sanitize($_POST['zone_hostmaster']);
$zone_refresh = sanitize($_POST['zone_refresh']);
$zone_retry = sanitize($_POST['zone_retry']);
$zone_expire = sanitize($_POST['zone_expire']);
$zone_ttl = sanitize($_POST['zone_ttl']);
$zone_serial = sanitize($_POST['zone_serial']);
$zone_ns1 = sanitize($_POST['zone_ns1']);
$zone_ns2 = sanitize($_POST['zone_ns2']);
$zone_ns3 = sanitize($_POST['zone_ns3']);
$zone_mx1 = sanitize($_POST['zone_mx1']);
$zone_mx2 = sanitize($_POST['zone_mx2']);
$zone_info = sanitize($_POST['zone_info']);
$query = "INSERT
INTO
zone(
zone_origin,
zone_ttl_default,
zone_soa,
zone_hostmaster,
zone_refresh,
zone_retry,
zone_expire,
zone_ttl,
zone_serial,
zone_ns1,
zone_ns2,
zone_ns3,
zone_mx1,
zone_mx2,
zone_info
)
VALUE
(
'$zone_origin',
'$zone_ttl_default',
'$zone_soa',
'$zone_hostmaster',
'$zone_refresh',
'$zone_retry',
'$zone_expire',
'$zone_ttl',
'$zone_serial',
'$zone_ns1',
'$zone_ns2',
'$zone_ns3',
'$zone_mx1',
'$zone_mx2',
'$zone_info'
)";
$zoneid = $db->db_insert($query);
header_location("zoneview.php?zone_id=" . $zoneid);
break;
}
}
if (isset($_POST['del'])) {
switch ($_POST['del']) {
case ("asset") :
$asset_id = sanitize($_POST['asset_id']);
$query = "DELETE
FROM
asset
WHERE
asset_id=" . $asset_id;
$db->db_delete($query);
$query = "DELETE
FROM
node
WHERE
asset_id=" . $asset_id;
$db->db_delete($query);
header_location("asset.php");
break;
case ("assetclass") :
$assetclass_id = sanitize($_POST['assetclass_id']);
$query = "DELETE
FROM
assetclass
WHERE
assetclass_id=" . $assetclass_id;
$db->db_delete($query);
header_location("assetclass.php");
break;
case ("assetclassgroup") :
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
$query = "DELETE
FROM
assetclassgroup
WHERE
assetclassgroup_id=" . $assetclassgroup_id;
$db->db_delete($query);
header_location("assetclassgroup.php");
break;
case ("location") :
$location_id = sanitize($_POST['location_id']);
$query = "DELETE
FROM
location
WHERE
location_id=" . $location_id;
$db->db_delete($query);
header_location("location.php");
break;
case ("locationsubnet") :
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
$query = "DELETE
FROM
subnetlocation
WHERE
location_id=" . $location_id . "
AND subnet_id=" . $subnet_id;
$db->db_delete($query);
header_location("locationview.php?location_id=" . $location_id);
break;
case ("nat") :
$node_id_ext = sanitize($_POST['node_id_ext']);
$node_id_int = sanitize($_POST['node_id_int']);
$query = "DELETE
FROM
nat
WHERE
nat_ext=" . $node_id_ext . "
AND nat_int=" . $node_id_int;
$db->db_delete($query);
header_location("nodeview.php?node_id=" . $node_id_ext);
break;
case ("node") :
$node_id = sanitize($_POST['node_id']);
$asset_id = sanitize($_POST['asset_id']);
$query = "DELETE
FROM
node
WHERE
node_id=" . $node_id;
$db->db_delete($query);
header_location("assetview.php?asset_id=" . $asset_id);
break;
case ("subnet") :
$subnet_id = sanitize($_POST['subnet_id']);
$query = "DELETE
FROM
subnet
WHERE
subnet_id=" . $subnet_id;
$db->db_delete($query);
$query = "DELETE
FROM
node
WHERE
subnet_id=" . $subnet_id;
$db->db_delete($query);
header_location("subnet.php");
break;
case ("subnetlocation") :
$location_id = sanitize($_POST['location_id']);
$subnet_id = sanitize($_POST['subnet_id']);
$query = "DELETE
FROM
subnetlocation
WHERE
location_id=" . $location_id . "
AND subnet_id=" . $subnet_id;
$db->db_delete($query);
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("subnetvlan") :
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
$query = "DELETE
FROM
subnetvlan
WHERE
subnet_id=" . $subnet_id . "
AND vlan_id=" . $vlan_id;
$db->db_delete($query);
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
$user_id = sanitize($_POST['user_id']);
$query = "DELETE
FROM
user
WHERE
user_id=" . $user_id;
$db->db_delete($query);
header_location("user.php");
break;
case ("vlan") :
$vlan_id = sanitize($_POST['vlan_id']);
$query = "DELETE
FROM
vlan
WHERE
vlan_id=" . $vlan_id;
$db->db_delete($query);
header_location("vlan.php");
break;
case ("vlansubnet") :
$subnet_id = sanitize($_POST['subnet_id']);
$vlan_id = sanitize($_POST['vlan_id']);
$query = "DELETE
FROM
subnetvlan
WHERE
subnet_id=" . $subnet_id . "
AND vlan_id=" . $vlan_id;
$db->db_delete($query);
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("zone") :
$zone_id = sanitize($_POST['zone_id']);
$query = "DELETE
FROM
zone
WHERE
zone_id=" . $zone_id;
$db->db_delete($query);
header_location("zone.php");
break;
}
}
if (isset($_POST['edit'])) {
switch ($_POST['edit']) {
case ("asset") :
$asset_id = sanitize($_POST['asset_id']);
$asset_name = sanitize($_POST['asset_name']);
$asset_info = sanitize($_POST['asset_info']);
$asset_hostname = sanitize($_POST['asset_hostname']);
$assetclass_id = sanitize($_POST['assetclass_id']);
$query = "UPDATE
asset
SET
asset_name='$asset_name',
asset_info='$asset_info',
asset_hostname='$asset_hostname',
assetclass_id='$assetclass_id'
WHERE
asset_id=" . $asset_id;
$db->db_update($query);
header_location("assetview.php?asset_id=" . $asset_id);
case ("assetclass") :
$assetclass_id = sanitize($_POST['assetclass_id']);
$assetclass_name = sanitize($_POST['assetclass_name']);
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
$query = "UPDATE
assetclass
SET
assetclass_name='$assetclass_name',
assetclassgroup_id='$assetclassgroup_id'
WHERE
assetclass_id=" . $assetclass_id;
$db->db_update($query);
header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
break;
case ("assetclassgroup") :
$assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
$assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
$assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
$query = "UPDATE
assetclassgroup
SET
assetclassgroup_name='$assetclassgroup_name',
assetclassgroup_color='$assetclassgroup_color'
WHERE
assetclassgroup_id=" . $assetclassgroup_id;
$db->db_update($query);
header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
break;
case ("location") :
$location_id = sanitize($_POST['location_id']);
$location_name = sanitize($_POST['location_name']);
$location_info = sanitize($_POST['location_info']);
$parentlocation_id = sanitize($_POST['parentlocation_id']);
$query = "UPDATE
location
SET
location_name='$location_name',
location_parent='$parentlocation_id',
location_info='$location_info'
WHERE
location_id=" . $location_id;
$db->db_update($query);
header_location("locationview.php?location_id=" . $location_id);
break;
case ("node") :
$node_id = sanitize($_POST['node_id']);
$asset_id = sanitize($_POST['asset_id']);
$node_ip = sanitize($_POST['node_ip']);
$subnet_id = sanitize($_POST['subnet_id']);
$node_mac = strip_mac(sanitize($_POST['node_mac']));
$node_dns1 = sanitize($_POST['node_dns1']);
$node_dns2 = sanitize($_POST['node_dns2']);
$node_info = sanitize($_POST['node_info']);
$zone_id = sanitize($_POST['zone_id']);
$query = "UPDATE
node
SET
asset_id='$asset_id',
node_ip='$node_ip',
subnet_id='$subnet_id',
node_mac='$node_mac',
node_dns1='$node_dns1',
node_dns2='$node_dns2',
node_info='$node_info',
zone_id='$zone_id'
WHERE
node_id=" . $node_id;
$db->db_update($query);
header_location("nodeview.php?node_id=" . $node_id);
break;
case ("optionsdisplay") :
$user_id = $_SESSION['suser_id'];
$user_language = $_POST['user_language'];
$user_imagesize = sanitize($_POST['user_imagesize']);
$user_imagecount = sanitize($_POST['user_imagecount']);
$user_mac = sanitize($_POST['user_mac']);
$user_dateformat = sanitize($_POST['user_dateformat']);
$user_dns1suffix = sanitize($_POST['user_dns1suffix']);
$user_dns2suffix = sanitize($_POST['user_dns2suffix']);
$user_menu_assets = sanitize($_POST['user_menu_assets']);
$user_menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
$user_menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
$user_menu_locations = sanitize($_POST['user_menu_locations']);
$user_menu_nodes = sanitize($_POST['user_menu_nodes']);
$user_menu_subnets = sanitize($_POST['user_menu_subnets']);
$user_menu_users = sanitize($_POST['user_menu_users']);
$user_menu_vlans = sanitize($_POST['user_menu_vlans']);
$user_menu_zones = sanitize($_POST['user_menu_zones']);
$user_tooltips = sanitize($_POST['user_tooltips']);
$query = "UPDATE
user
SET
user_language='" . $user_language . "',
user_imagesize='" . $user_imagesize . "',
user_imagecount='" . $user_imagecount . "',
user_mac='" . $user_mac . "',
user_dateformat='" . $user_dateformat . "',
user_dns1suffix='" . $user_dns1suffix . "',
user_dns2suffix='" . $user_dns2suffix . "',
user_menu_assets='" . $user_menu_assets . "',
user_menu_assetclasses='" . $user_menu_assetclasses . "',
user_menu_assetclassgroups='" . $user_menu_assetclassgroups . "',
user_menu_locations='" . $user_menu_locations . "',
user_menu_nodes='" . $user_menu_nodes . "',
user_menu_subnets='" . $user_menu_subnets . "',
user_menu_users='" . $user_menu_users . "',
user_menu_vlans='" . $user_menu_vlans . "',
user_menu_zones='" . $user_menu_zones . "',
user_tooltips='" . $user_tooltips . "'
WHERE
user_id=" . $user_id;
$_SESSION['suser_language'] = $user_language;
$_SESSION['suser_imagesize'] = $user_imagesize;
$_SESSION['suser_imagecount'] = $user_imagecount;
$_SESSION['suser_mac'] = $user_mac;
$_SESSION['suser_dateformat'] = $user_dateformat;
$_SESSION['suser_dns1suffix'] = $user_dns1suffix;
$_SESSION['suser_dns2suffix'] = $user_dns2suffix;
$_SESSION['suser_menu_assets'] = $user_menu_assets;
$_SESSION['suser_menu_assetclasses'] = $user_menu_assetclasses;
$_SESSION['suser_menu_assetclassgroups'] = $user_menu_assetclassgroups;
$_SESSION['suser_menu_locations'] = $user_menu_locations;
$_SESSION['suser_menu_nodes'] = $user_menu_nodes;
$_SESSION['suser_menu_subnets'] = $user_menu_subnets;
$_SESSION['suser_menu_users'] = $user_menu_users;
$_SESSION['suser_menu_vlans'] = $user_menu_vlans;
$_SESSION['suser_menu_zones'] = $user_menu_zones;
$_SESSION['suser_tooltips'] = $user_tooltips;
$db->db_update($query);
header_location("options.php");
break;
case ("optionspassword") :
$user_id = $_SESSION['suser_id'];
$user_currentpass = sanitize($_POST['user_currentpass']);
$user_newpass1 = sanitize($_POST['user_newpass1']);
$user_newpass2 = sanitize($_POST['user_newpass2']);
$query = "SELECT
user_pass
FROM
user
WHERE
user_id='" . $user_id . "'";
$user = $db->db_select($query);
if (password_verify($user_currentpass, $user[0]['user_pass'])) {
if(!strcmp($user_newpass1, $user_newpass2)) {
$newhash = password_hash($user_newpass1, PASSWORD_BCRYPT);
$query = "UPDATE
user
SET
user_pass='" . $newhash . "'
WHERE
user_id=" . $user_id;
$db->db_update($query);
header_location("options.php");
}
}
break;
case ("subnet") :
$subnet_id = sanitize($_POST['subnet_id']);
$subnet_address= sanitize($_POST['subnet_address']);
$subnet_proto_vers = sanitize($_POST['subnet_proto_vers']);
$subnet_mask = sanitize($_POST['subnet_mask']);
$subnet_dhcpstart = sanitize($_POST['subnet_dhcpstart']);
$subnet_dhcpend = sanitize($_POST['subnet_dhcpend']);
$subnet_ntp_server = sanitize($_POST['subnet_ntp_server']);
$subnet_info = sanitize($_POST['subnet_info']);
$query = "UPDATE
subnet
SET
subnet_address='$subnet_address',
subnet_mask='$subnet_mask',
subnet_dhcp_start='$subnet_dhcpstart',
subnet_dhcp_end='$subnet_dhcpend',
subnet_info='$subnet_info',
protocol_version=$subnet_proto_vers,
ntp_server='$subnet_ntp_server'
WHERE
subnet_id=" . $subnet_id;
$db->db_update($query);
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
$user_id = sanitize($_POST['user_id']);
$user_name = sanitize($_POST['user_name']);
$user_displayname = sanitize($_POST['user_displayname']);
$query = "UPDATE
user
SET
user_name='" . $user_name . "',
user_displayname='" . $user_displayname . "'
WHERE
user_id=" . $user_id;
$db->db_update($query);
header_location("userview.php?user_id=" . $user_id);
break;
case ("vlan") :
$vlan_id = sanitize($_POST['vlan_id']);
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
$query = "UPDATE
vlan
SET
vlan_name='$vlan_name',
vlan_number='$vlan_number',
vlan_info='$vlan_info'
WHERE
vlan_id=" . $vlan_id;
$db->db_update($query);
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("zone") :
$zone_id = sanitize($_POST['zone_id']);
$zone_origin = sanitize($_POST['zone_origin']);
$zone_ttl_default = sanitize($_POST['zone_ttl_default']);
$zone_soa = sanitize($_POST['zone_soa']);
$zone_hostmaster = sanitize($_POST['zone_hostmaster']);
$zone_refresh = sanitize($_POST['zone_refresh']);
$zone_retry = sanitize($_POST['zone_retry']);
$zone_expire = sanitize($_POST['zone_expire']);
$zone_ttl = sanitize($_POST['zone_ttl']);
$zone_serial = sanitize($_POST['zone_serial']);
$zone_ns1 = sanitize($_POST['zone_ns1']);
$zone_ns2 = sanitize($_POST['zone_ns2']);
$zone_ns3 = sanitize($_POST['zone_ns3']);
$zone_mx1 = sanitize($_POST['zone_mx1']);
$zone_mx2 = sanitize($_POST['zone_mx2']);
$zone_info = sanitize($_POST['zone_info']);
$query = "UPDATE
zone
SET
zone_origin='$zone_origin',
zone_ttl_default='$zone_ttl_default',
zone_soa='$zone_soa',
zone_hostmaster='$zone_hostmaster',
zone_refresh='$zone_refresh',
zone_retry='$zone_retry',
zone_expire='$zone_expire',
zone_ttl='$zone_ttl',
zone_serial='$zone_serial',
zone_ns1='$zone_ns1',
zone_ns2='$zone_ns2',
zone_ns3='$zone_ns3',
zone_mx1='$zone_mx1',
zone_mx2='$zone_mx2',
zone_info='$zone_info'
WHERE
zone_id=" . $zone_id;
$db->db_update($query);
header_location("zoneview.php?zone_id=" . $zone_id);
break;
}
}
// still not redirected, check for error
if(empty($comments)) {
$comments = "error";
}
header_location("comments.php?comments=" . $comments);
?>