Refactored user, vlan and zone

master
Thomas Hooge 1 year ago
parent c63b500d77
commit 32bd592098
  1. 26
      submit.php
  2. 4
      tpl/user.tpl
  3. 5
      tpl/useradd.tpl
  4. 9
      tpl/userdel.tpl
  5. 7
      tpl/useredit.tpl
  6. 8
      tpl/userview.tpl
  7. 4
      tpl/vlan.tpl
  8. 5
      tpl/vlanadd.tpl
  9. 9
      tpl/vlandel.tpl
  10. 7
      tpl/vlanedit.tpl
  11. 6
      tpl/vlanview.tpl
  12. 4
      tpl/zone.tpl
  13. 5
      tpl/zoneadd.tpl
  14. 11
      tpl/zonedel.tpl
  15. 9
      tpl/zoneedit.tpl
  16. 4
      tpl/zoneview.tpl
  17. 152
      user.php
  18. 27
      useradd.php
  19. 28
      userdel.php
  20. 39
      useredit.php
  21. 35
      userview.php
  22. 123
      vlan.php
  23. 18
      vlanadd.php
  24. 26
      vlandel.php
  25. 28
      vlanedit.php
  26. 37
      vlanview.php
  27. 149
      zone.php
  28. 16
      zoneadd.php
  29. 23
      zonedel.php
  30. 27
      zoneedit.php
  31. 29
      zoneview.php

@ -119,7 +119,7 @@ if (isset($_POST['add'])) {
header_location("assetview.php?asset_id=" . $dbh->lastInsertId());
break;
/* refactored
/*
case ("assetclass") :
$name = sanitize($_POST['assetclass_name']);
$description = sanitize($_POST['assetclass_description']);
@ -304,7 +304,7 @@ if (isset($_POST['add'])) {
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
/* case ("user") :
$user_name = strtolower(sanitize($_POST['user_name']));
$user_displayname = sanitize($_POST['user_displayname']);
$user_password = md5(sanitize($_POST['user_password']));
@ -338,7 +338,7 @@ if (isset($_POST['add'])) {
$sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info]);
header_location("vlanview.php?vlan_id=" . $dbh->lastInsertId());
break;
break; */
case ("vlansubnet") :
$subnet_id = sanitize($_POST['subnet_id']);
@ -352,7 +352,7 @@ if (isset($_POST['add'])) {
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("zone") :
/* case ("zone") :
$zone_origin = sanitize($_POST['zone_origin']);
$zone_ttl_default = sanitize($_POST['zone_ttl_default']);
$zone_soa = sanitize($_POST['zone_soa']);
@ -380,7 +380,7 @@ if (isset($_POST['add'])) {
$zone_ns1, $zone_ns2, $zone_ns3, $zone_mx1, $zone_mx2, $zone_info]);
header_location("zoneview.php?zone_id=" . $dbh->lastInsertId());
break;
break; */
}
}
@ -398,7 +398,7 @@ if (isset($_POST['del'])) {
header_location("asset.php");
break;
/* refactored
/*
case ("assetclass") :
$assetclass_id = sanitize($_POST['assetclass_id']);
@ -487,7 +487,7 @@ if (isset($_POST['del'])) {
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
/* case ("user") :
$user_id = sanitize($_POST['user_id']);
$sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
@ -503,7 +503,7 @@ if (isset($_POST['del'])) {
$sth->execute([$vlan_id]);
header_location("vlan.php");
break;
break; */
case ("vlansubnet") :
$subnet_id = sanitize($_POST['subnet_id']);
@ -515,14 +515,14 @@ if (isset($_POST['del'])) {
header_location("vlanview.php?vlan_id=" . $vlan_id);
break;
case ("zone") :
/* case ("zone") :
$zone_id = sanitize($_POST['zone_id']);
$sth = $dbh->prepare("DELETE FROM zone WHERE zone_id=?");
$sth->execute([$zone_id]);
header_location("zone.php");
break;
break; */
}
}
@ -548,7 +548,7 @@ if (isset($_POST['edit'])) {
$asset_id]);
header_location("assetview.php?asset_id=" . $asset_id);
/* refactored
/*
case ("assetclass") :
$id = sanitize($_POST['assetclass_id']);
$name = sanitize($_POST['assetclass_name']);
@ -729,7 +729,7 @@ if (isset($_POST['edit'])) {
header_location("subnetview.php?subnet_id=" . $subnet_id);
break;
case ("user") :
/* case ("user") :
$user_id = sanitize($_POST['user_id']);
$user_name = sanitize($_POST['user_name']);
$user_displayname = sanitize($_POST['user_displayname']);
@ -803,7 +803,7 @@ if (isset($_POST['edit'])) {
$id]);
header_location("zoneview.php?zone_id=" . $zone_id);
break;
break; */
}
}
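Review bot: The refactored `user`, `vlan` and `zone` cases are disabled by wrapping them in block comments instead of being removed, and in the `edit` switch one comment opened at `/* case ("user") :` is closed only by the `break; */` after the zone case. PHP block comments do not nest, so any `*/` inside that span would end the comment early, and every case between the two markers is now dead whether or not it was moved; the lines in between are outside the hunks, so this should be checked against the full file. Deleting the moved cases outright avoids both problems and removes the old `md5(...)` password handling from the file instead of leaving it in a comment.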

@ -5,7 +5,7 @@
{$lang_users} ({$users|@count})
</td>
<td align="right">
<a href="useradd.php"><img src="images/user_add.png" alt="{$lang_user_add}" /></a>
<a href="user.php?f=add"><img src="images/user_add.png" alt="{$lang_user_add}" /></a>
</td>
</tr>
</table>
@ -28,7 +28,7 @@
{foreach item=user from=$users}
<tr>
<td class="label">
<a href="userview.php?user_id={$user.id}">{$user.name}</a>
<a href="user.php?f=view&id={$user.id}">{$user.name}</a>
</td>
<td class="value">
{$user.realm}

@ -1,5 +1,4 @@
<form method="POST" action="submit.php">
<input type="hidden" name="add" value="user">
<form method="POST" action="user.php">
<table class="title">
<tr>
@ -9,7 +8,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>
<input type="image" src="images/user_add.png" alt="{$lang_submit}" />
<input type="image" name="submit[insert]" src="images/user_add.png" alt="{$lang_submit}" />
</td>
</tr>
</table>
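Review bot: No anti-CSRF token is visible in this form, which now posts to `user.php` with only the `submit[insert]` image button selecting the action. `user.php` performs the insert, update and delete from that request alone, so a state-changing request is accepted from any page the administrator's browser loads, unless a token is verified somewhere outside this diff. I would add a per-session token field such as `<input type="hidden" name="csrf_token" value="{$csrf_token}">` (field name illustrative) and compare it with `hash_equals()` before the action switch. The same applies to the forms in `tpl/userdel.tpl`, `tpl/useredit.tpl`, `tpl/vlanadd.tpl`, `tpl/vlandel.tpl`, `tpl/vlanedit.tpl`, `tpl/zoneadd.tpl`, `tpl/zonedel.tpl` and `tpl/zoneedit.tpl`.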

@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="del" value="user">
<input type="hidden" name="user_id" value="{$user->id}">
<form method="POST" action="user.php">
<input type="hidden" name="id" value="{$user->id}">
<table class="title">
<tr>
@ -10,7 +9,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>
<input type="image" src="images/user_delete.png" alt="{$lang_submit}">
<input type="image" name="submit[delete]" src="images/user_delete.png" alt="{$lang_submit}">
</td>
</tr>
</table>
@ -29,7 +28,7 @@
{$lang_user_name}
</td>
<td class="value">
<a href="userview.php?user_id={$user->id}">{$user->name}</a>
<a href="user.php?f=view&id={$user->id}">{$user->name}</a>
</td>
</tr>
</table>

@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="edit" value="user">
<input type="hidden" name="user_id" value="{$user->id}">
<form method="POST" action="user.php">
<input type="hidden" name="id" value="{$user->id}">
<table class="title">
<tr>
@ -10,7 +9,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=save" alt="{$lang_submit}">
<input type="image" name="submit[update]" src="images/page_save.png" alt="{$lang_submit}">
</td>
</tr>
</table>

@ -2,11 +2,11 @@
<tr>
<td class="header">
<img class="icon" src="images/user.png" alt="" />
{$user_name}
{$user->name}
</td>
<td align="right">
<a href="useredit.php?user_id={$user->id}"><img src="images/user_edit.png" alt="{$lang_user_edit}"></a>
<a href="userdel.php?user_id={$user->id}"><img src="images/user_delete.png" alt="{$lang_user_del}"></a>
<a href="user.php?f=edit&id={$user->id}"><img src="images/user_edit.png" alt="{$lang_user_edit}"></a>
<a href="user.php?f=del&id={$user->id}"><img src="images/user_delete.png" alt="{$lang_user_del}"></a>
</td>
</tr>
</table>
@ -25,7 +25,7 @@
{$lang_user_name}
</td>
<td class="value">
<a href="userview.php?user_id={$user->id}">{$user->name}</a>
<b>{$user->name}</b>
</td>
</tr>
<tr>

@ -6,7 +6,7 @@
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="vlanadd.php"><img src="image.php?icon=add" alt="{$lang_vlan_add}" {if $suser_tooltips}title="{$lang_vlan_add}" {/if}/></a>
<a href="vlan.php?f=add"><img src="image.php?icon=add" alt="{$lang_vlan_add}" {if $suser_tooltips}title="{$lang_vlan_add}" {/if}/></a>
{/if}
</td>
</tr>
@ -31,7 +31,7 @@
</td>
<td class="value">
<img src="image.php?color={$vlan.color}" alt="#{$vlan.color}">
<a href="vlanview.php?vlan_id={$vlan.id}">{$vlan.name}</a>
<a href="vlan.php?f=view&id={$vlan.id}">{$vlan.name}</a>
</td>
<td>
{$vlan.info}

@ -1,5 +1,4 @@
<form method="POST" action="submit.php">
<input type="hidden" name="add" value="vlan">
<form method="POST" action="vlan.php">
<table class="title">
<tr>
@ -8,7 +7,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=save" alt="{$lang_submit}">
<input type="image" name="submit[insert]" src="images/page_save.png" alt="{$lang_submit}">
</td>
</tr>
</table>

@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="del" value="vlan">
<input type="hidden" name="vlan_id" value="{$vlan->id}">
<form method="POST" action="vlan.php">
<input type="hidden" name="id" value="{$vlan->id}">
<table class="title">
<tr>
@ -9,7 +8,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=delete" alt="{$lang_submit}">
<input type="image" name="submit[delete]" src="images/bin.png" alt="{$lang_delete}">
</td>
</tr>
</table>
@ -28,7 +27,7 @@
{$lang_vlan_name}
</td>
<td class="value">
<a href="vlanview.php?vlan_id={$vlan->id}">{$vlan->name}&nbsp;({$vlan->number})</a>
<a href="vlan.php?f=view&id={$vlan->id}">{$vlan->name}&nbsp;({$vlan->number})</a>
</td>
</tr>
</table>

@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="edit" value="vlan">
<input type="hidden" name="vlan_id" value="{$vlan->id}">
<form method="POST" action="vlan.php">
<input type="hidden" name="id" value="{$vlan->id}">
<table class="title">
<tr>
@ -10,7 +9,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=save" alt="{$lang_submit}">
<input type="image" name="submit[update]" src="images/page_save.png" alt="{$lang_save}">
</td>
</tr>
</table>

@ -9,10 +9,10 @@
<a href="assignvlantosubnet.php?vlan_id={$vlan->id}"><img src="image.php?icon=add" alt="{$lang_assignvlantosubnet}"></a>
{/if}
{if $suser_edit}
<a href="vlanedit.php?vlan_id={$vlan->id}"><img src="image.php?icon=edit" alt="{$lang_vlan_edit}"></a>
<a href="vlan.php?f=edit&id={$vlan->id}"><img src="image.php?icon=edit" alt="{$lang_vlan_edit}"></a>
{/if}
{if $suser_delete}
<a href="vlandel.php?vlan_id={$vlan->id}"><img src="image.php?icon=delete" alt="{$lang_vlan_del}"></a>
<a href="vlan.php?f=del&id={$vlan->id}"><img src="image.php?icon=delete" alt="{$lang_vlan_del}"></a>
{/if}
</td>
</tr>
@ -32,7 +32,7 @@
{$lang_vlan_name}
</td>
<td class="value">
<a href="vlanview.php?vlan_id={$vlan->id}">{$vlan->name}</a>
<a href="vlan.php?f=view&id={$vlan->id}">{$vlan->name}</a>
</td>
</tr>
<tr>

@ -6,7 +6,7 @@
</td>
<td align="right">
{if $suser_add || $suser_admin}
<a href="zoneadd.php"><img src="image.php?icon=add" alt="{$lang_zone_add}"></a>
<a href="zone.php?f=add"><img src="image.php?icon=add" alt="{$lang_zone_add}"></a>
{/if}
</td>
</tr>
@ -27,7 +27,7 @@
{foreach item=zone from=$zones}
<tr>
<td class="label">
<a href="zoneview.php?zone_id={$zone.id}">{$zone.origin}</a>
<a href="zone.php?f=view&id={$zone.id}">{$zone.origin}</a>
</td>
<td class="value">
{$zone.hostmaster}

@ -1,5 +1,4 @@
<form method="POST" action="submit.php">
<input type="hidden" name="add" value="zone">
<form method="POST" action="zone.php">
<table class="title">
<tr>
@ -8,7 +7,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=save" alt="{$lang_submit}">
<input type="image" name="submit[insert]" src="images/page_save.png" alt="{$lang_submit}">
</td>
</tr>
</table>

@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="del" value="zone">
<input type="hidden" name="zone_id" value="{$zone.zone_id}">
<form method="POST" action="zone.php">
<input type="hidden" name="id" value="{$zone->zone_id}">
<table class="title">
<tr>
@ -9,7 +8,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=cancel" alt="{$lang_cancel}"></a>
<input type="image" src="images/table_delete.png" alt="{$lang_submit}">
<input type="image" name="submit[delete]" src="images/table_delete.png" alt="{$lang_submit}">
</td>
</tr>
</table>
@ -28,8 +27,8 @@
{$lang_zone}
</td>
<td class="value">
<a href="zoneview.php?zone_id={$zone.zone_id}">{$zone.zone_origin}</a>
({$zone.zone_serial})
<a href="zone.php?f=view&id={$zone->zone_id}">{$zone->zone_origin}</a>
({$zone->zone_serial})
</td>
</tr>
</table>

@ -1,6 +1,5 @@
<form method="POST" action="submit.php">
<input type="hidden" name="edit" value="zone">
<input type="hidden" name="zone_id" value="{$zone->zone_id}">
<form method="POST" action="zone.php">
<input type="hidden" name="id" value="{$zone->zone_id}">
<table class="title">
<tr>
@ -10,7 +9,7 @@
</td>
<td align="right">
<a href="#" onClick="history.go(-1)"><img src="image.php?icon=back" alt="{$lang_cancel}"></a>
<input type="image" src="image.php?icon=save" alt="{$lang_submit}">
<input type="image" name="submit[update]" src="images/page_save.png" alt="{$lang_save}">
</td>
</tr>
</table>
@ -141,7 +140,7 @@
Zone Info
</td>
<td class="value">
<textarea name="zone_info" cols="30" rows="10">{$zone.zone_info}</textarea>
<textarea name="zone_info" cols="30" rows="10">{$zone->zone_info}</textarea>
</td>
</tr>
</table>

@ -6,10 +6,10 @@
</td>
<td align="right">
{if $suser_edit || $suser_admin}
<a href="zoneedit.php?zone_id={$zone->zone_id}"><img src="images/table_edit.png" alt="{$lang_zone_edit}" /></a>
<a href="zone.php?f=edit&id={$zone->zone_id}"><img src="images/table_edit.png" alt="{$lang_zone_edit}" /></a>
{/if}
{if $suser_delete || $suser_admin}
<a href="zonedel.php?zone_id={$zone->zone_id}"><img src="images/table_delete.png" alt="{$lang_zone_del}" /></a>
<a href="zone.php?f=del&id={$zone->zone_id}"><img src="images/table_delete.png" alt="{$lang_zone_del}" /></a>
{/if}
</td>
</tr>

@ -13,8 +13,90 @@ if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] ==
header_location('comments.php?comments=accessdenied');
}
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'] or $id = 0;
}
// ========== ACTIONS START ===================================================
switch ($submit = form_get_action()) {
case NULL: break;
case 'add': $action = ACT_ADD; break;
case 'view': $action = ACT_VIEW; break;
case 'edit': $action = ACT_EDIT; break;
case 'del': $action = ACT_DELETE; break;
case 'insert':
$user_name = strtolower(sanitize($_POST['user_name']));
$user_displayname = sanitize($_POST['user_displayname']);
$user_password = md5(sanitize($_POST['user_password']));
// check if username exists
$sth = $dbh->prepare("SELECT COUNT(*) FROM user WHERE user_name=?");
$sth->execute([$user_name]);
if ($sth->fetchColumn() == 0) {
$sql = "INSERT INTO user (user_name, user_displayname, user_pass)
VALUE (?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$user_name, $user_displayname, $user_password]);
$id = $dbh->lastInsertId();
$action = ACT_VIEW;
} else {
$g_error->Add(_("Username already in use."));
$action = ACT_ADD;
}
break;
case 'update':
$user_name = sanitize($_POST['user_name']);
$user_displayname = sanitize($_POST['user_displayname']);
$user_realm = sanitize($_POST['user_realm']);
// roles
$role_add = sanitize($_POST['role_add']);
$role_edit = sanitize($_POST['role_edit']);
$role_delete = sanitize($_POST['role_delete']);
$role_manage = sanitize($_POST['role_manage']);
$role_admin = sanitize($_POST['role_admin']);
// construct menu set
$role = array();
if ($role_add) $role[] = 'add';
if ($role_edit) $role[] = 'edit';
if ($role_delete) $role[] = 'delete';
if ($role_manage) $role[] = 'manage';
if ($role_admin) $role[] = 'admin';
$sql = "UPDATE user SET
user_name=?, user_displayname=?, user_realm=?,
user_role=?
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_name ,$user_displayname, $user_realm,
implode(',', $role), $id]);
$action = ACT_VIEW;
break;
case 'delete':
$sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
$sth->execute([$id]);
$g_message->Add(_("User deleted."));
$action = ACT_DEFAULT;
break;
default:
$g_error->Add(submit_error($submit));
$valid = FALSE;
}
// ========== ACTIONS END =====================================================
include("header.php");
if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================
$sql = "SELECT user_id AS id, user_name AS name,
user_displayname AS displayname, user_realm AS realm,
user_role AS role
@ -27,10 +109,74 @@ $users = $sth->fetchAll(PDO::FETCH_ASSOC);
for($i = 0; $i < count($users); $i++) {
$users[$i]['role'] = explode(',', $users[$i]['role'] );
}
$smarty->assign("users", $users);
$smarty->display("user.tpl");
include("footer.php");
elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================
$realms = db_load_enum('user','user_realm');
$smarty->assign("realm_ids", $realms);
$smarty->assign("realm_names", $realms);
$smarty->assign("realm_selected", $realms[0]);
$smarty->display("useradd.tpl");
elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm as realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$user->flags = explode(',', $user->flags);
$smarty->assign("user", $user);
$smarty->display("userview.tpl");
elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm AS realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$smarty->assign("user", $user);
// auth realms
$smarty->assign("realm_ids", ['local', 'ldap']);
$smarty->assign("realm_names", ['Local', 'LDAP']);
$smarty->assign("realm_selected", $user->realm);
$smarty->display("useredit.tpl");
elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================
$sth = $dbh->prepare("SELECT user_id AS id, user_name AS name FROM user WHERE user_id=?");
$sth->execute([$id]);
$smarty->assign("user", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("userdel.tpl");
else:
// ========== ERROR UNKNOWN VARIANT ===========================================
echo "<p>Unknown function call: Please report to system development!</p>\n";
endif; // $action == ...
// ========== END OF VARIANTS =================================================
$smarty->display('footer.tpl');
?>
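Review bot: The only access check in this file is the `admin == 0 and manage == 0` test above the switch, so the `update` and `delete` cases run for an account that holds just the manage role, whereas the removed `userdel.php` required `suser_role_admin`. Because `update` builds `user_role` from the posted `role_admin` field, such an account can apparently assign the admin role; I would guard both cases with `if ($_SESSION['suser_role_admin'] == 0) { header_location('comments.php?comments=accessdenied'); }` and confirm that `header_location()` stops execution, which is not visible here. Separately, the `insert` case stores `md5(sanitize($_POST['user_password']))`: unsalted MD5 is not suitable for password storage and `sanitize()` may alter the password before hashing, so `password_hash($_POST['user_password'], PASSWORD_DEFAULT)` with `password_verify()` on the login path is the replacement. `$action` is never assigned in the `NULL` and `default` branches within the hunk, so the later `$action == ACT_DEFAULT` test depends on an initial value set outside it.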

@ -1,27 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (($_SESSION['suser_role_admin'] == 0) && ($_SESSION['suser_role_manage'] == 0)) {
header_location('comments.php?comments=accessdenied');
}
include("header.php");
$realms = db_load_enum('user','user_realm');
$smarty->assign("realm_ids", $realms);
$smarty->assign("realm_names", $realms);
$smarty->assign("realm_selected", $realms[0]);
$smarty->display("useradd.tpl");
include("footer.php");
?>

@ -1,28 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if ($_SESSION['suser_role_admin'] == 0) {
header_location('comments.php?comments=accessdenied');
}
$user_id = sanitize($_GET['user_id']);
include("header.php");
$sth = $dbh->prepare("SELECT user_id AS id user_name AS user_name FROM user WHERE user_id=?");
$dbh->execute([$user_id]);
$smarty->assign("user", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("userdel.tpl");
include("footer.php");
?>

@ -1,39 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (($_SESSION['suser_role_admin'] == 0) && ($_SESSION['suser_role_manage'] == 0)) {
header_location('comments.php?comments=accessdenied');
}
$user_id = sanitize($_GET['user_id']);
include("header.php");
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm AS realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_id]);
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$smarty->assign("user", $user);
// auth realms
$smarty->assign("realm_ids", ['local', 'ldap']);
$smarty->assign("realm_names", ['Local', 'LDAP']);
$smarty->assign("realm_selected", $user->realm);
$smarty->display("useredit.tpl");
include("footer.php");
?>

@ -1,35 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] == 0)) {
header_location('comments.php?comments=accessdenied');
}
$user_id = sanitize($_GET['user_id']);
include("header.php");
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm as realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_id]);
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$user->flags = explode(',', $user->flags);
$smarty->assign("user", $user);
$smarty->display("userview.tpl");
include("footer.php");
?>

@ -8,8 +8,68 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'] or $id = 0;
}
// ========== ACTIONS START ===================================================
switch ($submit = form_get_action()) {
case NULL: break;
case 'add': $action = ACT_ADD; break;
case 'view': $action = ACT_VIEW; break;
case 'edit': $action = ACT_EDIT; break;
case 'del': $action = ACT_DELETE; break;
case 'insert':
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
$vlan_color = sanitize($_POST['vlan_color']);
$sql = "INSERT INTO vlan (vlan_name, vlan_number, vlan_color, vlan_info)
VALUE (?, ?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info]);
$id = $dbh->lastInsertId();
$action = ACT_VIEW;
break;
case 'update':
$vlan_name = sanitize($_POST['vlan_name']);
$vlan_number = sanitize($_POST['vlan_number']);
$vlan_info = sanitize($_POST['vlan_info']);
$vlan_color = sanitize($_POST['vlan_color']);
$sql = "UPDATE vlan SET vlan_name=?, vlan_number=?, vlan_color=?, vlan_info=? WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_name, $vlan_number, $vlan_color, $vlan_info, $id]);
$action = ACT_VIEW;
break;
case 'delete':
$sth = $dbh->prepare("DELETE FROM vlan WHERE vlan_id=?");
$sth->execute([$id]);
$g_message->Add(_("VLAN deleted."));
$action = ACT_DEFAULT;
break;
default:
$g_error->Add(submit_error($submit));
$valid = FALSE;
}
// ========== ACTIONS END =====================================================
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================
$sql = "SELECT vlan_id AS id, vlan_number AS number, vlan_name AS name,
vlan_color AS color, LEFT(vlan_info, 60) AS info
FROM vlan
@ -19,5 +79,66 @@ $smarty->assign("vlans", $sth->fetchAll());
$smarty->display("vlan.tpl");
include("footer.php");
elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================
$smarty->display("vlanadd.tpl");
elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================
// vlan
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
vlan_info AS info, vlan_color AS color
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
// subnets
$sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask, s.subnet_info
FROM subnet AS s LEFT JOIN subnetvlan AS v USING (subnet_id)
WHERE v.vlan_id=?
ORDER BY INET_ATON(s.subnet_address)";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("subnets", $sth->fetchAll());
$smarty->display("vlanview.tpl");
elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
vlan_color AS color, vlan_info AS info
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("vlanedit.tpl");
elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("vlandel.tpl");
else:
// ========== ERROR UNKNOWN VARIANT ===========================================
echo "<p>Unknown function call: Please report to system development!</p>\n";
endif; // $action == ...
// ========== END OF VARIANTS =================================================
$smarty->display('footer.tpl');
?>
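Review bot: No role check is visible before the `insert`, `update` and `delete` cases; the hunk goes from `include("includes.php")` straight to reading `$_REQUEST['id']`, while `tpl/vlan.tpl` and `tpl/vlanview.tpl` only hide the add, edit and delete links behind `$suser_add`, `$suser_edit` and `$suser_delete`. Hiding a link is not an access control, so unless `includes.php` or `form_get_action()` enforces roles, the write operations are reachable by any authenticated session. I would check the matching session role at the top of each mutating case and deny the request otherwise, the way `user.php` does with `header_location('comments.php?comments=accessdenied')`. `zone.php` has the same structure and needs the same check.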

@ -1,18 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
$smarty->display("vlanadd.tpl");
include("footer.php");
?>

@ -1,26 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$vlan_id = sanitize($_GET['vlan_id']);
include("header.php");
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("vlandel.tpl");
include("footer.php");
?>

@ -1,28 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$vlan_id = sanitize($_GET['vlan_id']);
$smarty->assign("scripts", 'jscolor.js');
include("header.php");
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
vlan_color AS color, vlan_info AS info
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("vlanedit.tpl");
include("footer.php");
?>

@ -1,37 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$vlan_id = sanitize($_GET['vlan_id']);
include("header.php");
// vlan
$sql = "SELECT vlan_id AS id, vlan_name AS name, vlan_number AS number,
vlan_info AS info, vlan_color AS color
FROM vlan
WHERE vlan_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_id]);
$smarty->assign("vlan", $sth->fetch(PDO::FETCH_OBJ));
// subnets
$sql = "SELECT s.subnet_id, s.subnet_address, s.subnet_mask, s.subnet_info
FROM subnet AS s LEFT JOIN subnetvlan AS v USING (subnet_id)
WHERE v.vlan_id=?
ORDER BY INET_ATON(s.subnet_address)";
$sth = $dbh->prepare($sql);
$sth->execute([$vlan_id]);
$smarty->assign("subnets", $sth->fetchAll());
$smarty->display("vlanview.tpl");
include("footer.php");
?>

@ -8,9 +8,99 @@ SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'] or $id = 0;
}
// ========== ACTIONS START ===================================================
switch ($submit = form_get_action()) {
case NULL: break;
case 'add': $action = ACT_ADD; break;
case 'view': $action = ACT_VIEW; break;
case 'edit': $action = ACT_EDIT; break;
case 'del': $action = ACT_DELETE; break;
case 'insert':
$zone_origin = sanitize($_POST['zone_origin']);
$zone_ttl_default = sanitize($_POST['zone_ttl_default']);
$zone_soa = sanitize($_POST['zone_soa']);
$zone_hostmaster = sanitize($_POST['zone_hostmaster']);
$zone_refresh = sanitize($_POST['zone_refresh']);
$zone_retry = sanitize($_POST['zone_retry']);
$zone_expire = sanitize($_POST['zone_expire']);
$zone_ttl = sanitize($_POST['zone_ttl']);
$zone_serial = sanitize($_POST['zone_serial']);
$zone_ns1 = sanitize($_POST['zone_ns1']);
$zone_ns2 = sanitize($_POST['zone_ns2']);
$zone_ns3 = sanitize($_POST['zone_ns3']);
$zone_mx1 = sanitize($_POST['zone_mx1']);
$zone_mx2 = sanitize($_POST['zone_mx2']);
$zone_info = sanitize($_POST['zone_info']);
$sql = "INSERT INTO zone (
zone_origin, zone_ttl_default, zone_soa, zone_hostmaster,
zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info)
VALUE (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$zone_origin, $zone_ttl_default, $zone_soa, $zone_hostmaster,
$zone_refresh, $zone_retry, $zone_expire, $zone_ttl, $zone_serial,
$zone_ns1, $zone_ns2, $zone_ns3, $zone_mx1, $zone_mx2, $zone_info]);
$id = $dbh->lastInsertId();
$action = ACT_VIEW;
break;
case 'update':
$origin = sanitize($_POST['zone_origin']);
$ttl_default = sanitize($_POST['zone_ttl_default']);
$soa = sanitize($_POST['zone_soa']);
$hostmaster = sanitize($_POST['zone_hostmaster']);
$refresh = sanitize($_POST['zone_refresh']);
$retry = sanitize($_POST['zone_retry']);
$expire = sanitize($_POST['zone_expire']);
$ttl = sanitize($_POST['zone_ttl']);
$serial = sanitize($_POST['zone_serial']);
$ns1 = sanitize($_POST['zone_ns1']);
$ns2 = sanitize($_POST['zone_ns2']);
$ns3 = sanitize($_POST['zone_ns3']);
$mx1 = sanitize($_POST['zone_mx1']);
$mx2 = sanitize($_POST['zone_mx2']);
$info = sanitize($_POST['zone_info']);
$sql = "UPDATE zone SET
zone_origin=?, zone_ttl_default=?, zone_soa=?, zone_hostmaster=?,
zone_refresh=?, zone_retry=?, zone_expire=?, zone_ttl=?, zone_serial=?,
zone_ns1=?, zone_ns2=?, zone_ns3=?, zone_mx1=?, zone_mx2=?, zone_info=?
WHERE zone_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$origin, $ttl_default, $soa, $hostmaster, $refresh, $retry,
$expire, $ttl, $serial, $ns1, $ns2, $ns3, $mx1, $mx2, $info,
$id]);
$action = ACT_VIEW;
break;
case 'delete':
$sth = $dbh->prepare("DELETE FROM zone WHERE zone_id=?");
$sth->execute([$id]);
$g_message->Add(_("Deleted zone"));
$action = ACT_DEFAULT;
break;
default:
$g_error->Add(submit_error($submit));
$valid = FALSE;
}
// ========== ACTIONS END =====================================================
include("header.php");
if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================
$sql = "SELECT zone_id AS id, zone_origin AS origin, zone_soa AS soa,
zone_hostmaster AS hostmaster, zone_serial AS serial
FROM zone
@ -19,6 +109,57 @@ $sth = $dbh->query($sql);
$smarty->assign("zones", $sth->fetchAll());
$smarty->display("zone.tpl");
include("footer.php");
elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================
$smarty->display("zoneadd.tpl");
elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================
$sql = "SELECT zone_id, zone_soa, zone_hostmaster, zone_origin,
zone_ttl_default, zone_refresh, zone_retry, zone_expire,
zone_ttl, zone_serial, zone_ns1, zone_ns2, zone_ns3,
zone_mx1, zone_mx2, zone_info
FROM zone
WHERE zone_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("zoneview.tpl");
elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================
$sql = "SELECT zone_id, zone_soa, zone_hostmaster, zone_origin, zone_ttl_default,
zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info
FROM zone
WHERE zone_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("zoneedit.tpl");
elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================
$sth = $dbh->prepare("SELECT zone_id, zone_origin, zone_serial FROM zone WHERE zone_id=?");
$sth->execute([$id]);
$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("zonedel.tpl");
else:
// ========== ERROR UNKNOWN VARIANT ===========================================
echo "<p>Unknown function call: Please report to system development!</p>\n";
endif; // $action == ...
// ========== END OF VARIANTS =================================================
$smarty->display('footer.tpl');
?>
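Review bot: In the view, edit and delete variants the result of `$sth->fetch(PDO::FETCH_OBJ)` is handed to `$smarty->assign("zone", ...)` unchecked, so an `$id` that matches no row gives the template `false` and the page renders an empty record, or a delete confirmation for nothing, instead of an error. Fetch into a variable first, e.g. `$zone = $sth->fetch(PDO::FETCH_OBJ);`, and when `$zone === false` report the miss and skip the `display()` call. `$id` is assigned above this hunk, so its validation is not visible here; in these lines it only reaches SQL as a bound parameter, which is the right form. The state-changing `update` and `delete` submit cases sit in the earlier hunk of this file, which starts outside my view, so I could not check whether a permission check or anti-CSRF token guards them.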

@ -1,16 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
include("header.php");
$smarty->display("zoneadd.tpl");
include("footer.php");
?>

@ -1,23 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$zone_id = sanitize($_GET['zone_id']);
include("header.php");
$sth = $dbh->prepare("SELECT zone_id, zone_origin, zone_serial FROM zone WHERE zone_id=?");
$sth->execute($sql);
$smarty->assign("zone", $sth->fetchAll(PDO::FETCH_ASSOC));
$smarty->display("zonedel.tpl");
include("footer.php");
?>

@ -1,27 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$zone_id = sanitize($_GET['zone_id']);
include("header.php");
$sql = "SELECT zone_id, zone_soa, zone_hostmaster, zone_origin, zone_ttl_default,
zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info
FROM zone
WHERE zone_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$zone_id]);
$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("zoneedit.tpl");
include("footer.php");
?>

@ -1,29 +0,0 @@
<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
$zone_id = sanitize($_GET['zone_id']);
include("header.php");
$sql = "SELECT zone_id, zone_soa, zone_hostmaster, zone_origin,
zone_ttl_default, zone_refresh, zone_retry, zone_expire,
zone_ttl, zone_serial, zone_ns1, zone_ns2, zone_ns3,
zone_mx1, zone_mx2, zone_info
FROM zone
WHERE zone_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$zone_id]);
$smarty->assign("zone", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("zoneview.tpl");
include("footer.php");
?>