IP Reg is a IPAM tool to keep track of assets, nodes (IP addresses, MAC addresses, DNS aliases) within different subnets, over different locations or even VLAN's. Written in PHP, used with a MySQL-database to have a unique insight in your local network.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
ipreg/submit.php

587 lines
21 KiB

<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2008 Wietse Warendorff
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
For more information, visit http://sourceforge.net/projects/ipreg,
or contact me at wietsew@users.sourceforge.net
*****************************************************************************/
// includes
include("includes.php");
// check for submit
if ($_SERVER['REQUEST_METHOD']=="POST") {
// check for action
if (isset($_POST['add'])) {
switch ($_POST['add']) {
case ("asset") :
// get variables
$asset_name = $_POST['asset_name'];
$hostname = $_POST['hostname'];
$assetclass_id = $_POST['assetclass_id'];
$asset_info = $_POST['asset_info'];
// check permission
auth("asset", $config_auth_assetadd, 0);
// update db
mysql_query("INSERT INTO asset(asset_name, hostname, assetclass_id, asset_info) VALUE ('$asset_name', '$hostname', '$assetclass_id', '$asset_info')") or die(mysql_error());
$asset_id = mysql_insert_id();
// redirect
header_location("assetview.php?asset_id=" . $asset_id);
break;
case ("assetclass") :
// get variables
$assetclass_name = $_POST['assetclass_name'];
$assetclassgroup_id = $_POST['assetclassgroup_id'];
// check permission
auth("assetclass", $config_auth_assetclassadd, 0);
// update db
mysql_query("INSERT INTO assetclass (assetclass_name, assetclassgroup_id) VALUE ('$assetclass_name', '$assetclassgroup_id')") or die(mysql_error());
$assetclass_id = mysql_insert_id();
// redirect
header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
break;
case ("assetclassgroup") :
// get variables
$assetclassgroup_name = $_POST['assetclassgroup_name'];
$color = strtoupper($_POST['color']);
$color = preg_replace("|[^a-zA-Z0-9]|", "", $color);
// check permission
auth("assetclassgroup", $config_auth_assetclassgroupadd, 0);
// update db
mysql_query("INSERT INTO assetclassgroup (assetclassgroup_name, color) VALUE ('$assetclassgroup_name', '$color')") or die(mysql_error());
$assetclassgroup_id = mysql_insert_id();
// redirect
header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
break;
case ("assigniptoasset") :
// check permission
if($_SESSION['suser_level'] >= $config_userlevel_assigniptoasset) {
// get variables
$ip = $_POST['ip'];
$subnet_id = $_POST['subnet_id'];
$asset_id = $_POST['asset_id'];
$mac = strip_mac($_POST['mac']);
if ((!empty($_POST['dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = $_POST['dns1'] . $config_dns1suffix : $dns1 = $_POST['dns1']);
if ((!empty($_POST['dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = $_POST['dns2'] . $config_dns2suffix : $dns2 = $_POST['dns2']);
$node_info = $_POST['node_info'];
// update db
mysql_query("INSERT INTO node (ip, mac, dns1, dns2, subnet_id, asset_id, node_info) VALUE ('$ip', '$mac', '$dns1', '$dns2', '$subnet_id', '$asset_id', '$node_info')") or die(mysql_error());
// redirect
header_location("assetview.php?asset_id=" . $asset_id);
}
break;
case ("assignlocationtosubnet") :
// check permission
if($_SESSION['suser_level'] >= $config_userlevel_assignlocationtosubnet) {
// get variables
$location_id = $_POST['location_id'];
$subnet_id = $_POST['subnet_id'];
// update db
mysql_query("INSERT INTO subnetlocation (location_id, subnet_id) VALUE ('$location_id', '$subnet_id')") or die(mysql_error());
// redirect
header_location("Location: location.php");
}
break;
case ("assignvlantosubnet") :
// check permission
if($_SESSION['suser_level'] >= $config_userlevel_assignvlantosubnet) {
// get variables
$vlan_id = $_POST['vlan_id'];
$subnet_id = $_POST['subnet_id'];
// update db
mysql_query("UPDATE subnet SET vlan_id='$vlan_id' WHERE subnet_id='$subnet_id'") or die(mysql_error());
// redirect
header_location("vlanview.php?vlan_id=" . $vlan_id);
}
break;
case ("location") :
// get variables
$location_name = $_POST['location_name'];
$parent = $_POST['parent'];
$location_info = $_POST['location_info'];
// check permission
auth("location", $config_auth_locationadd, 0);
// update db
mysql_query("INSERT INTO location (location_name, parent, location_info) VALUE ('$location_name', '$parent', '$location_info')") or die(mysql_error());
$location_id = mysql_insert_id();
// redirect
header_location("locationview.php?location_id=" . $location_id);
break;
case ("node") :
// get variables
$asset_name = $_POST['asset_name'];
$hostname = $_POST['hostname'];
$assetclass_id = $_POST['assetclass_id'];
$ip = $_POST['ip'];
$mac = strip_mac($_POST['mac']);
if ((!empty($_POST['dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = $_POST['dns1'] . $config_dns1suffix : $dns1 = $_POST['dns1']);
if ((!empty($_POST['dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = $_POST['dns2'] . $config_dns2suffix : $dns2 = $_POST['dns2']);
$subnet_id = $_POST['subnet_id'];
// check permission
auth("node", $config_auth_nodeadd, 0);
$result = mysql_query("SELECT * FROM node WHERE ip='$ip'") or die(mysql_error());
if (mysql_num_rows($result) == 0) {
// update db
mysql_query("INSERT INTO asset (asset_name, hostname, assetclass_id) VALUE ('$asset_name', '$hostname', '$assetclass_id')") or die(mysql_error());
$asset_id = mysql_insert_id();
mysql_query("INSERT INTO node (ip, mac, dns1, dns2, subnet_id, asset_id) VALUE ('$ip', '$mac', '$dns1', '$dns2', '$subnet_id', '$asset_id')") or die(mysql_error());
$node_id = mysql_insert_id();
// redirect
header_location("assetview.php?asset_id=" . $asset_id);
}
// display error
$comments = "ipinuse";
break;
case ("subnet") :
// get variables
$subnet_address= $_POST['subnet_address'];
$subnet_mask = $_POST['subnet_mask'];
// check permission
auth("subnet", $config_auth_subnetadd, 0);
// update db
mysql_query("INSERT INTO subnet (subnet_address, subnet_mask) VALUE ('$subnet_address', '$subnet_mask')") or die(mysql_error());
$subnet_id = mysql_insert_id();
// redirect
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
// get variables
$user_name = $_POST['user_name'];
$user_pass = md5($config_user_pass);
$user_level = $_POST['user_level'];
$displayname = $_POST['user_name'];
$user_lang = $config_user_lang;
// check permission
auth("user", $config_auth_useradd, 0);
// check for unique username
$result = mysql_query("SELECT user_name FROM user WHERE user_name='$user_name'") or die(mysql_error());
if(mysql_num_rows($result) == 0) {
// update db
mysql_query("INSERT INTO user (user_name, user_pass, user_level, user_displayname, user_lang) VALUE ('$user_name', '$user_pass', '$user_level', '$displayname', '$user_lang')") or die(mysql_error());
$user_id = mysql_insert_id();
// redirect
header_location("userview.php?user_id=" . $user_id);
}
// display error
$comments = "usernameinuse";
break;
case ("userclass") :
// get variables
$userclass_name = $_POST['userclass_name'];
// check permission
auth("userclass", $config_auth_userclassadd, 0);
// update db
mysql_query("INSERT INTO userclass (userclass_name) VALUE ('$userclass_name')") or die(mysql_error());
$userclass_id = mysql_insert_id();
// redirect
header_location("userclassview.php?userclass_id=" . $userclass_id);
break;
case ("userclassauth") :
// get variables
$userclass_id = $_POST['userclass_id'];
$authitem = $_POST['authitem'];
$item_id = $_POST['item_id'];
$auth = $_POST['auth'];
// check permission
auth("userclassauth", $config_auth_userclassauthadd, 0);
// update db
mysql_query("INSERT INTO userclassauth (userclass_id, item, id, auth) VALUE ('$userclass_id', '$authitem', '$item_id', '$auth')") or die(mysql_error());
$userclassauth_id = mysql_insert_id();
// redirect
header_location("userclassauth.php");
break;
case ("vlan") :
// get variables
$vlan_name = $_POST['vlan_name'];
$vlan_number= $_POST['vlan_number'];
// check permission
auth("vlan", $config_auth_vlanadd, 0);
// update db
mysql_query("INSERT INTO vlan (vlan_name, vlan_number) VALUE ('$vlan_name', '$vlan_number')") or die(mysql_error());
$vlan_id = mysql_insert_id();
// redirect
header_location("vlan.php?vlan_id=" . $vlan_id);
break;
}
}
if (isset($_POST['edit'])) {
switch ($_POST['edit']) {
case ("asset") :
// get variables
$asset_id = $_POST['asset_id'];
$asset_name = $_POST['asset_name'];
$hostname = $_POST['hostname'];
$assetclass_id = $_POST['assetclass_id'];
$asset_info = $_POST['asset_info'];
// check permission
auth("asset", $config_auth_assetedit, $asset_id);
// update db
mysql_query("UPDATE asset SET asset_name='$asset_name', hostname='$hostname', assetclass_id='$assetclass_id', asset_info='$asset_info' WHERE asset_id='$asset_id'") or die(mysql_error()) or die(mysql_error());
// redirect
header_location("assetview.php?asset_id=" . $asset_id);
break;
case ("assetclass") :
// get variables
$assetclass_id = $_POST['assetclass_id'];
$assetclass_name = $_POST['assetclass_name'];
$assetclassgroup_id = $_POST['assetclassgroup_id'];
// check permission
auth("assetclass", $config_auth_assetclassedit, $assetclass_id);
// update db
mysql_query("UPDATE assetclass SET assetclass_name='$assetclass_name', assetclassgroup_id='$assetclassgroup_id' WHERE assetclass_id='$assetclass_id'") or die(mysql_error());
// redirect
header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
break;
case ("assetclassgroup") :
// get variables
$assetclassgroup_id = $_POST['assetclassgroup_id'];
$assetclassgroup_name = $_POST['assetclassgroup_name'];
$color = strtoupper($_POST['color']);
$color = preg_replace("|[^a-zA-Z0-9]|", "", $color);
// check permission
auth("assetclassgroup", $config_auth_assetclassgroupedit, $assetclassgroup_id);
// update db
mysql_query("UPDATE assetclassgroup SET assetclassgroup_name='$assetclassgroup_name', color='$color' WHERE assetclassgroup_id='$assetclassgroup_id'") or die(mysql_error());
// redirect
header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
break;
case ("location") :
// get variables
$location_id = $_POST['location_id'];
$location_name = $_POST['location_name'];
$parent = $_POST['parent'];
$location_info = $_POST['location_info'];
// check permission
auth("location", $config_auth_locationedit, $location_id);
// update db
mysql_query("UPDATE location SET location_name='$location_name', parent='$parent', location_info='$location_info' WHERE location_id='$location_id'") or die(mysql_error()) or die(mysql_error());
// redirect
header_location("locationview.php?location_id=" . $location_id);
break;
case ("node") :
// get variables
$node_id = $_POST['node_id'];
$asset_id = $_POST['asset_id'];
$subnet_id = $_POST['subnet_id'];
$mac = strip_mac($_POST['mac']);
$dns1 = $_POST['dns1'];
$dns2 = $_POST['dns2'];
$node_info = $_POST['node_info'];
// check permission
auth("node", $config_auth_nodeedit, $node_id);
// update db
mysql_query("UPDATE node SET asset_id='$asset_id', subnet_id='$subnet_id', mac='$mac', dns1='$dns1', dns2='$dns2', node_info='$node_info' WHERE node_id='$node_id'") or die(mysql_error());
// redirect
header_location("nodeview.php?node_id=" . $node_id);
break;
case ("subnet") :
// get variables
$subnet_id = $_POST['subnet_id'];
$subnet_address= $_POST['subnet_address'];
$subnet_mask = $_POST['subnet_mask'];
$vlan_id = $_POST['vlan_id'];
$subnet_info = $_POST['subnet_info'];
// check permission
auth("subnet", $config_auth_subnetedit, $subnet_id);
// update db
mysql_query("UPDATE subnet SET subnet_address='$subnet_address', subnet_mask='$subnet_mask', vlan_id='$vlan_id', subnet_info='$subnet_info' WHERE subnet_id='$subnet_id'") or die(mysql_error());
// redirect
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
// get variables
$user_id = $_POST['user_id'];
$user_name = $_POST['user_name'];
$user_displayname = $_POST['user_displayname'];
$user_mac = $_POST['user_mac'];
$user_lang = $_POST['user_lang'];
// check permission
auth("user", $config_auth_useredit, $user_id);
// update db
mysql_query("UPDATE user SET user_displayname='$user_displayname', user_mac='$user_mac', user_lang='$user_lang' WHERE user_id='$user_id'") or die(mysql_error());
// procedure to update useruserclass table
// 1) delete current users
mysql_query("DELETE FROM useruserclass WHERE user_id='$user_id'") or die(mysql_error());
// 2) loop checkbox array for userclass_id
foreach( $_POST['userclass_id'] AS $userclass_id) {
// and insert
mysql_query("INSERT INTO useruserclass (user_id, userclass_id) VALUE ('$user_id', '$userclass_id')") or die(mysql_error());
}
// redirect
header_location("userview.php?user_id=" . $user_id);
break;
case ("userclass") :
// get variables
$userclass_id = $_POST['userclass_id'];
$userclass_name = $_POST['userclass_name'];
// check permission
auth("userclass", $config_auth_userclassedit, $userclass_id);
// update db
mysql_query("UPDATE userclass SET userclass_name='$userclass_name' WHERE userclass_id='$userclass_id'") or die(mysql_error());
// procedure to update useruserclass table
// 1) delete current users
mysql_query("DELETE FROM useruserclass WHERE userclass_id='$userclass_id'") or die(mysql_error());
// 2) loop checkbox array for user_id
foreach($_POST['user_id'] AS $user_id) {
// and insert
mysql_query("INSERT INTO useruserclass (user_id, userclass_id) VALUE ('$user_id', '$userclass_id')") or die(mysql_error());
}
// redirect
header_location("userclassview.php?userclass_id=" . $userclass_id);
break;
case ("userpass") :
// check variables
if (trim($_POST['user_passold']) <> "" && trim($_POST['user_passnew1']) && trim($_POST['user_passnew2']) && trim($_POST['user_passnew1']) == trim($_POST['user_passnew2'])) {
$suser_id = $_SESSION['suser_id'];
// get variables
$user_passold = $_POST['user_passold'];
$user_passnew = md5($_POST['user_passnew1']);
// get current pass
$result = mysql_query("SELECT user_pass FROM user WHERE user_id='$suser_id'") or die(mysql_error());
// check current pass
if(!strcmp(md5($user_passold), mysql_result($result, 0, "user_pass"))) {
// update db
mysql_query("UPDATE user SET user_pass='$user_passnew' WHERE user_id='$suser_id'") or die(mysql_error());
// redirect
header_location("options.php");
}
}
// display error
echo '<b>Error!</b>';
break;
case ("vlan") :
// get variables
$vlan_id = $_POST['vlan_id'];
$vlan_name = $_POST['vlan_name'];
$vlan_number = $_POST['vlan_number'];
$vlan_info = $_POST['vlan_info'];
// check permission
auth("vlan", $config_auth_vlanedit, $vlan_id);
// update db
mysql_query("UPDATE vlan SET vlan_name='$vlan_name', vlan_number='$vlan_number', vlan_info='$vlan_info' WHERE vlan_id='$vlan_id'") or die(mysql_error());
// redirect
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
}
}
if (isset($_POST['del'])) {
switch ($_POST['del']) {
case ("asset") :
// get variables
$asset_id = $_POST['asset_id'];
// check permission
auth("asset", $config_auth_assetdel, $asset_id);
// update db
mysql_query("DELETE FROM asset WHERE asset_id='$asset_id'") or die(mysql_error());
mysql_query("DELETE FROM node WHERE asset_id='$asset_id'") or die(mysql_error());
// redirect
header_location("asset.php");
break;
case ("assetclass") :
// get variables
$assetclass_id = $_POST['assetclass_id'];
// check permission
auth("assetclass", $config_auth_assetclassdel, $assetclass_id);
// update db
mysql_query("DELETE FROM assetclass WHERE assetclass_id='$assetclass_id'") or die(mysql_error());
// redirect
header_location("assetclass.php");
break;
case ("assetclassgroup") :
// get variables
$assetclassgroup_id = $_POST['assetclassgroup_id'];
// check permission
auth("assetclassgroup", $config_auth_assetclassgroupdel, $assetclassgroup_id);
// update db
mysql_query("DELETE FROM assetclassgroup WHERE assetclassgroup_id='$assetclassgroup_id'") or die(mysql_error());
// redirect
header_location("assetclassgroup.php");
break;
case ("location") :
// get variables
$location_id = $_POST['location_id'];
// check permission
auth("location", $config_auth_locationdel, $location_id);
// update db
mysql_query("DELETE FROM location WHERE location_id='$location_id'") or die(mysql_error());
// redirect
header_location("location.php");
break;
case ("node") :
// get variables
$node_id = $_POST['node_id'];
$asset_id = $_POST['asset_id'];
// check permission
auth("node", $config_auth_nodedel, $node_id);
// update db
mysql_query("DELETE FROM node WHERE node_id='$node_id'") or die(mysql_error());
// redirect
header_location("assetview.php?asset_id=" . $asset_id);
break;
case ("subnet") :
// get variables
$subnet_id = $_POST['subnet_id'];
// check permission
auth("subnet", $config_auth_subnetdel, $subnet_id);
// update db
mysql_query("DELETE FROM subnet WHERE subnet_id='$subnet_id'") or die(mysql_error());
mysql_query("DELETE FROM node WHERE subnet_id='$subnet_id'") or die(mysql_error());
// redirect
header_location("subnet.php");
break;
case ("user") :
// get variables
$user_id = $_POST['user_id'];
// check permission
auth("user", $config_auth_userdel, $user_id);
// update db
mysql_query("DELETE FROM user WHERE user_id='$user_id'") or die(mysql_error());
// redirect
header_location("user.php");
break;
case ("userclass") :
// get variables
$userclass_id = $_POST['userclass_id'];
// check permission
auth("userclass", $config_auth_userclassdel, $userclass_id);
// update db
mysql_query("DELETE FROM userclass WHERE userclass_id='$userclass_id'") or die(mysql_error());
// redirect
header_location("userclass.php");
break;
case ("vlan") :
// get variables
$vlan_id = $_POST['vlan_id'];
// check permission
auth("vlan", $config_auth_vlandel, $vlan_id);
// update db
mysql_query("DELETE FROM vlan WHERE vlan_id='$vlan_id'") or die(mysql_error());
// redirect
header_location("vlan.php");
break;
}
}
}
// still not redirected, check for error
if(empty($comments)) {
$comments = "notallowed";
}
// redirect
header_location("comments.php?comments=" . $comments);
?>