<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge

SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/

include("includes.php");

if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
}

// ========== ACTIONS START ===================================================
switch ($submit = form_get_action()) {

    case NULL: break;

    case 'add':   $action = ACT_ADD; break;
    case 'link':  $action = ACT_LINK; break;
    case 'view':  $action = ACT_VIEW; break;
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;

    case 'insert':
        // node with asset or link node to asset

        $asset_name = sanitize($_POST['asset_name']);
        $asset_hostname = sanitize($_POST['asset_hostname']);
        $assetclass_id = sanitize($_POST['assetclass_id']);
        $ip = sanitize($_POST['node_ip']);
        $mac = strip_mac(sanitize($_POST['node_mac']));
        if ((!empty($_POST['node_dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $dns1 = sanitize($_POST['node_dns1']));
        if ((!empty($_POST['node_dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $dns2 = sanitize($_POST['node_dns2']));
        $node_info = sanitize($_POST['node_info']);
        $subnet_id = $_POST['subnet_id'];

        $sql = "INSERT INTO asset (asset_name, asset_hostname, assetclass_id)
                   VALUE (?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$asset_name, $asset_hostname, $assetclass_id]);
        $asset_id = $dbh->lastInsertId();

        $sql = "INSERT INTO node (
                    node_ip, node_mac, node_dns1, node_dns2, node_info,
                    subnet_id, asset_id
                )
                VALUES (?, ?, ?, ?, ?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$ip, $mac, $dns1, $dns2, $node_info, $subnet_id, $asset_id]);

        $action = ACT_VIEW;
        break;

    case 'exec-link':
        $node_ip = sanitize($_POST['node_ip']);
        $subnet_id = sanitize($_POST['subnet_id']);
        $asset_id = sanitize($_POST['asset_id']);
        $node_mac = strip_mac(sanitize($_POST['node_mac']));
        if ((!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix'])) ? $node_dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $node_dns1 = sanitize($_POST['node_dns1']));
        if ((!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) ? $node_dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $node_dns2 = sanitize($_POST['node_dns2']));
        $node_info = $_POST['node_info'];
        $sql = "INSERT INTO node (
                    node_ip, node_mac, node_dns1, node_dns2, node_info,
                    subnet_id, asset_id
                ) 
                VALUES (?, ?, ?, ?, ?, ?, ?)";
        $sth = $dbh->prepare($sql);
        $sth->execute([$node_ip, $node_mac, $node_dns1, $node_dns2, $node_info,
                       $subnet_id, $asset_id]);
        $id = $dbh->lastInsertId();
        $action = ACT_VIEW;
        break; 

    case 'update':
        $asset_id = sanitize($_POST['asset_id']);
        $node_ip = sanitize($_POST['node_ip']);
        $subnet_id = sanitize($_POST['subnet_id']);
        $node_mac = strip_mac(sanitize($_POST['node_mac']));
        $node_dns1 = sanitize($_POST['node_dns1']);
        $node_dns2 = sanitize($_POST['node_dns2']);
        $node_info = sanitize($_POST['node_info']);
        $zone_id = sanitize($_POST['zone_id']);
        $flag_deleted = isset($_POST['flag_deleted']) or false;
        $flag_reserved = isset($_POST['flag_reserved']) or false;

        // construct flags
        $flags = array();
        if ($flag_deleted) $flags[] = 'deleted';
        if ($flag_reserved) $flags[] = 'reserved';
        $flags = empty($flags) ? NULL : implode(',', $flags);

        $sql = "UPDATE node SET
                    asset_id=?, node_ip=?, subnet_id=?, node_mac=?,
                    node_dns1=?, node_dns2=?, node_info=?, zone_id=?,
                    node_flags=?
                WHERE node_id=?";
        $sth = $dbh->prepare($sql);
        $sth->execute([$asset_id, $node_ip, $subnet_id, $node_mac, 
                       $node_dns1, $node_dns2, $node_info, $zone_id,
                       $flags,
                       $id]);
        $action = ACT_VIEW;
        break;

    case 'delete':
        $sth = $dbh->prepare("SELECT node_ip FROM node WHERE node_id=?");
        $sth->execute([$id]);
        $node_ip = $sth->fetchColumn();
        $sth = $dbh->prepare("DELETE FROM node WHERE node_id=?");
        $sth->execute([$id]);
        $action = ACT_DEFAULT;
        $g_message->Add(sprintf(_('Node %s deleted'), $node_ip));
        break;

    default:
        $g_error->Add(submit_error($submit));
        $valid = FALSE;
}

// ========== ACTIONS END =====================================================

include("header.php");

if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================

// filter preparation
$p = array();
$w = array();

if(isset($_GET['subnet_id'])) {
    $subnet_id = sanitize($_GET['subnet_id']);
    $w[] = "n.subnet_id=?";
    $p[] = $subnet_id;
    $smarty->assign("subnet_id", $subnet_id);

    // get subnet details for title
    $sql = "SELECT CONCAT_WS('/',subnet_address,subnet_mask) AS subnet
            FROM subnet
            WHERE subnet_id=?";
    $sth = $dbh->prepare($sql);
    $sth->execute([$subnet_id]);
    $smarty->assign("subnet", $sth->fetchColumn());
} else {
    $smarty->assign("subnet_id", '');
}

// deleted records only for admin or manager
if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] == 0)) {
    $w[] = "((n.node_flags IS NULL) OR (n.node_flags & 0x1 = 0))";
}

// create sql with optional filter
$where = join(' AND ', $w);

$sql = "SELECT a.asset_id,
            CONCAT(LEFT(a.asset_info,30), IF(CHAR_LENGTH(a.asset_info)>30,'...','')) AS asset_info,
            REPLACE(a.asset_name, ' ', '&nbsp;') AS asset_name,
            n.node_id, n.node_ip, (n.node_flags & 0x1)=1 AS deleted,
            CONCAT(LEFT(n.node_info,30), IF(CHAR_LENGTH(n.node_info)>30,'...','')) AS node_info,
            c.assetclass_id, c.assetclass_name
        FROM node AS n LEFT JOIN asset AS a USING (asset_id)
            LEFT JOIN assetclass AS c USING (assetclass_id)";
if ($where) {
    $sql .= ' WHERE ' . $where . ' ';
}
$sql .= "GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";
$sth = $dbh->prepare($sql);
$sth->execute($p);
$smarty->assign("nodes", $sth->fetchAll());

$smarty->display("node.tpl");

elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================

// add node and asset

if ((isset($_GET['node_ip'])) ? $node_ip = sanitize($_GET['node_ip']) : $node_ip = '');
if ((isset($_GET['subnet_id'])) ?  $subnet_id = sanitize($_GET['subnet_id']) : $subnet_id = '');
		
$smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
$smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
$smarty->assign("node_ip", $node_ip);
$smarty->assign("subnet_id", $subnet_id);
	
$smarty->assign("subnet_options", db_get_options_subnet());
$smarty->assign("assetclass_options", db_get_options_assetclass());

$smarty->display("nodeadd.tpl");

elseif ($action == ACT_LINK):
// ========== VARIANT: add node with existing asset ===========================

// addnodetoasset
// same as node add but with existing object
$asset_id = sanitize($_REQUEST['asset_id']);
$node_ip = sanitize($_REQUEST['node_ip']);
$subnet_id = sanitize($_REQUEST['subnet_id']);

$smarty->assign("node_ip", $node_ip);
$smarty->assign("asset_id", $asset_id);
$smarty->assign("subnet_id", $subnet_id);

$smarty->assign("asset_options", db_get_options_asset());
$smarty->assign("subnet_options",  db_get_options_subnet());

$smarty->display("assignnodetoasset.tpl");

elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================

// node
$sql = "SELECT n.node_id AS id, n.node_ip AS ip, n.node_mac AS mac,
            n.node_dns1 AS dns1, n.node_dns2 AS dns2, n.node_info AS info,
            n.node_type AS type, n.node_flags AS flags, 
            (n.node_flags & 0x1)=1 AS deleted, (n.node_flags & 0x2)=2 AS reserved,
            a.asset_id, a.asset_name,
            c.assetclass_id, c.assetclass_name,
            s.subnet_id, s.subnet_address, s.subnet_mask,
            z.zone_origin
        FROM node AS n LEFT JOIN asset AS a USING (asset_id)
            LEFT JOIN assetclass AS c USING (assetclass_id)
            LEFT JOIN subnet AS s USING (subnet_id)
            LEFT JOIN zone AS z USING (zone_id)
        WHERE n.node_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);

$node = $sth->fetch(PDO::FETCH_OBJ);
$node->mac = write_mac($node->mac, $_SESSION['suser_mac']);
$smarty->assign("node", $node);

// nat
$sql = "SELECT
            asset_ext.asset_id AS asset_id_ext,
            asset_int.asset_id AS asset_id_int,
            asset_ext.asset_name AS asset_name_ext,
            asset_int.asset_name AS asset_name_int,
            nat.nat_id AS nat_id,
            nat.nat_type AS nat_type,
            nat.nat_ext AS nat_ext,
            nat.nat_int AS nat_int,
            node_ext.node_ip AS node_ip_ext,
            node_int.node_ip AS node_ip_int,
            node_int.node_id AS node_id_int,
            node_ext.node_id AS node_id_ext
        FROM
            asset AS asset_ext,
            asset AS asset_int,
            nat,
            node AS node_ext,
            node AS node_int
        WHERE
            (nat.nat_ext=:node_id OR nat.nat_int=:node_id)
            AND node_ext.node_id=nat.nat_ext
            AND node_int.node_id=nat.nat_int
            AND asset_ext.asset_id=node_ext.asset_id
            AND asset_int.asset_id=node_int.asset_id
        ORDER BY
            INET_ATON(node_ext.node_ip),
            INET_ATON(node_int.node_ip)";

$sth = $dbh->prepare($sql);
$sth->execute(['node_id' => $id]);
$smarty->assign("natrules", $sth->fetchAll());

$smarty->display("nodeview.tpl");

elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================

$sql = "SELECT node_id AS id, node_ip AS ip, node_mac AS mac,
            node_dns1 AS dns1, node_dns2 AS dns2, node_info AS info,
            zone_id, asset_id, subnet_id, node_flags AS flags
	FROM node
	WHERE node_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$node = $sth->fetch(PDO::FETCH_OBJ);
$node->mac = write_mac($node->mac, $_SESSION['suser_mac']);
$node->flags = explode(',', $node->flags);
$smarty->assign("node", $node);

$smarty->assign("asset_options", db_get_options_asset());
$smarty->assign("subnet_options", db_get_options_subnet());
$smarty->assign("zone_options", db_get_options_zone('(keine)'));

$smarty->display("nodeedit.tpl");

elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================

$sql = "SELECT node_id AS id, node_ip AS ip, asset_id FROM node WHERE node_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));

$smarty->display("nodedel.tpl");

else:
// ========== ERROR UNKNOWN VARIANT ===========================================

echo "<p>Unknown function call: Please report to system development!</p>\n";

endif; // $action == ...
// ========== END OF VARIANTS =================================================

$smarty->display('footer.tpl');