<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge
SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/
include("includes.php");
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'] or $id = 0;
}
// ========== ACTIONS START ===================================================
switch ($submit = form_get_action()) {
case NULL: break;
case 'add': $action = ACT_ADD; break;
case 'link': $action = ACT_LINK; break;
case 'view': $action = ACT_VIEW; break;
case 'edit': $action = ACT_EDIT; break;
case 'del': $action = ACT_DELETE; break;
case 'insert':
// node with asset or link node to asset
$asset_name = sanitize($_POST['asset_name']);
$asset_hostname = sanitize($_POST['asset_hostname']);
$assetclass_id = sanitize($_POST['assetclass_id']);
$ip = sanitize($_POST['node_ip']);
$mac = strip_mac(sanitize($_POST['node_mac']));
if ((!empty($_POST['node_dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $dns1 = sanitize($_POST['node_dns1']));
if ((!empty($_POST['node_dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $dns2 = sanitize($_POST['node_dns2']));
$node_info = sanitize($_POST['node_info']);
$subnet_id = $_POST['subnet_id'];
$sql = "INSERT INTO asset (asset_name, asset_hostname, assetclass_id)
VALUE (?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$asset_name, $asset_hostname, $assetclass_id]);
$asset_id = $dbh->lastInsertId();
$sql = "INSERT INTO node (
node_ip, node_mac, node_dns1, node_dns2, node_info,
subnet_id, asset_id
)
VALUES (?, ?, ?, ?, ?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$ip, $mac, $dns1, $dns2, $node_info, $subnet_id, $asset_id]);
$action = ACT_VIEW;
break;
case 'exec-link':
$node_ip = sanitize($_POST['node_ip']);
$subnet_id = sanitize($_POST['subnet_id']);
$asset_id = sanitize($_POST['asset_id']);
$node_mac = strip_mac(sanitize($_POST['node_mac']));
if ((!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix'])) ? $node_dns1 = sanitize($_POST['node_dns1']) . $config_dns1suffix : $node_dns1 = sanitize($_POST['node_dns1']));
if ((!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) ? $node_dns2 = sanitize($_POST['node_dns2']) . $config_dns2suffix : $node_dns2 = sanitize($_POST['node_dns2']));
$node_info = $_POST['node_info'];
$sql = "INSERT INTO node (
node_ip, node_mac, node_dns1, node_dns2, node_info,
subnet_id, asset_id
)
VALUES (?, ?, ?, ?, ?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$node_ip, $node_mac, $node_dns1, $node_dns2, $node_info,
$subnet_id, $asset_id]);
$id = $dbh->lastInsertId();
$action = ACT_VIEW;
break;
case 'update':
$asset_id = sanitize($_POST['asset_id']);
$node_ip = sanitize($_POST['node_ip']);
$subnet_id = sanitize($_POST['subnet_id']);
$node_mac = strip_mac(sanitize($_POST['node_mac']));
$node_dns1 = sanitize($_POST['node_dns1']);
$node_dns2 = sanitize($_POST['node_dns2']);
$node_info = sanitize($_POST['node_info']);
$zone_id = sanitize($_POST['zone_id']);
$flag_deleted = isset($_POST['flag_deleted']) or false;
$flag_reserved = isset($_POST['flag_reserved']) or false;
// construct flags
$flags = array();
if ($flag_deleted) $flags[] = 'deleted';
if ($flag_reserved) $flags[] = 'reserved';
$flags = empty($flags) ? NULL : implode(',', $flags);
$sql = "UPDATE node SET
asset_id=?, node_ip=?, subnet_id=?, node_mac=?,
node_dns1=?, node_dns2=?, node_info=?, zone_id=?,
node_flags=?
WHERE node_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$asset_id, $node_ip, $subnet_id, $node_mac,
$node_dns1, $node_dns2, $node_info, $zone_id,
$flags,
$id]);
$action = ACT_VIEW;
break;
case 'delete':
$sth = $dbh->prepare("SELECT node_ip FROM node WHERE node_id=?");
$sth->execute([$id]);
$node_ip = $sth->fetchColumn();
$sth = $dbh->prepare("DELETE FROM node WHERE node_id=?");
$sth->execute([$id]);
$action = ACT_DEFAULT;
$g_message->Add(sprintf(_('Node %s deleted'), $node_ip));
break;
default:
$g_error->Add(submit_error($submit));
$valid = FALSE;
}
// ========== ACTIONS END =====================================================
include("header.php");
if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================
// filter preparation
$p = array();
$w = array();
if(isset($_GET['subnet_id'])) {
$subnet_id = sanitize($_GET['subnet_id']);
$w[] = "n.subnet_id=?";
$p[] = $subnet_id;
$smarty->assign("subnet_id", $subnet_id);
// get subnet details for title
$sql = "SELECT CONCAT_WS('/',subnet_address,subnet_mask) AS subnet
FROM subnet
WHERE subnet_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$subnet_id]);
$smarty->assign("subnet", $sth->fetchColumn());
} else {
$smarty->assign("subnet_id", '');
}
// deleted records only for admin or manager
if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] == 0)) {
$w[] = "((n.node_flags IS NULL) OR (n.node_flags & 0x1 = 0))";
}
// create sql with optional filter
$where = join(' AND ', $w);
$sql = "SELECT a.asset_id,
CONCAT(LEFT(a.asset_info,30), IF(CHAR_LENGTH(a.asset_info)>30,'...','')) AS asset_info,
REPLACE(a.asset_name, ' ', ' ') AS asset_name,
n.node_id, n.node_ip, (n.node_flags & 0x1)=1 AS deleted,
CONCAT(LEFT(n.node_info,30), IF(CHAR_LENGTH(n.node_info)>30,'...','')) AS node_info,
c.assetclass_id, c.assetclass_name
FROM node AS n LEFT JOIN asset AS a USING (asset_id)
LEFT JOIN assetclass AS c USING (assetclass_id)";
if ($where) {
$sql .= ' WHERE ' . $where . ' ';
}
$sql .= "GROUP BY n.node_id ORDER BY INET_ATON(n.node_ip)";
$sth = $dbh->prepare($sql);
$sth->execute($p);
$smarty->assign("nodes", $sth->fetchAll());
$smarty->display("node.tpl");
elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================
// add node and asset
if ((isset($_GET['node_ip'])) ? $node_ip = sanitize($_GET['node_ip']) : $node_ip = '');
if ((isset($_GET['subnet_id'])) ? $subnet_id = sanitize($_GET['subnet_id']) : $subnet_id = '');
$smarty->assign("user_dns1suffix", $_SESSION['suser_dns1suffix']);
$smarty->assign("user_dns2suffix", $_SESSION['suser_dns2suffix']);
$smarty->assign("node_ip", $node_ip);
$smarty->assign("subnet_id", $subnet_id);
$smarty->assign("subnet_options", db_get_options_subnet());
$smarty->assign("assetclass_options", db_get_options_assetclass());
$smarty->display("nodeadd.tpl");
elseif ($action == ACT_LINK):
// ========== VARIANT: add node with existing asset ===========================
// addnodetoasset
// same as node add but with existing object
$asset_id = sanitize($_REQUEST['asset_id']);
$node_ip = sanitize($_REQUEST['node_ip']);
$subnet_id = sanitize($_REQUEST['subnet_id']);
$smarty->assign("node_ip", $node_ip);
$smarty->assign("asset_id", $asset_id);
$smarty->assign("subnet_id", $subnet_id);
$smarty->assign("asset_options", db_get_options_asset());
$smarty->assign("subnet_options", db_get_options_subnet());
$smarty->display("assignnodetoasset.tpl");
elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================
// node
$sql = "SELECT n.node_id AS id, n.node_ip AS ip, n.node_mac AS mac,
n.node_dns1 AS dns1, n.node_dns2 AS dns2, n.node_info AS info,
n.node_type AS type, n.node_flags AS flags,
(n.node_flags & 0x1)=1 AS deleted, (n.node_flags & 0x2)=2 AS reserved,
a.asset_id, a.asset_name,
c.assetclass_id, c.assetclass_name,
s.subnet_id, s.subnet_address, s.subnet_mask,
z.zone_origin
FROM node AS n LEFT JOIN asset AS a USING (asset_id)
LEFT JOIN assetclass AS c USING (assetclass_id)
LEFT JOIN subnet AS s USING (subnet_id)
LEFT JOIN zone AS z USING (zone_id)
WHERE n.node_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$node = $sth->fetch(PDO::FETCH_OBJ);
$node->mac = write_mac($node->mac, $_SESSION['suser_mac']);
$smarty->assign("node", $node);
// nat
$sql = "SELECT
asset_ext.asset_id AS asset_id_ext,
asset_int.asset_id AS asset_id_int,
asset_ext.asset_name AS asset_name_ext,
asset_int.asset_name AS asset_name_int,
nat.nat_id AS nat_id,
nat.nat_type AS nat_type,
nat.nat_ext AS nat_ext,
nat.nat_int AS nat_int,
node_ext.node_ip AS node_ip_ext,
node_int.node_ip AS node_ip_int,
node_int.node_id AS node_id_int,
node_ext.node_id AS node_id_ext
FROM
asset AS asset_ext,
asset AS asset_int,
nat,
node AS node_ext,
node AS node_int
WHERE
(nat.nat_ext=:node_id OR nat.nat_int=:node_id)
AND node_ext.node_id=nat.nat_ext
AND node_int.node_id=nat.nat_int
AND asset_ext.asset_id=node_ext.asset_id
AND asset_int.asset_id=node_int.asset_id
ORDER BY
INET_ATON(node_ext.node_ip),
INET_ATON(node_int.node_ip)";
$sth = $dbh->prepare($sql);
$sth->execute(['node_id' => $id]);
$smarty->assign("natrules", $sth->fetchAll());
$smarty->display("nodeview.tpl");
elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================
$sql = "SELECT node_id AS id, node_ip AS ip, node_mac AS mac,
node_dns1 AS dns1, node_dns2 AS dns2, node_info AS info,
zone_id, asset_id, subnet_id, node_flags AS flags
FROM node
WHERE node_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$node = $sth->fetch(PDO::FETCH_OBJ);
$node->mac = write_mac($node->mac, $_SESSION['suser_mac']);
$node->flags = explode(',', $node->flags);
$smarty->assign("node", $node);
$smarty->assign("asset_options", db_get_options_asset());
$smarty->assign("subnet_options", db_get_options_subnet());
$smarty->assign("zone_options", db_get_options_zone('(keine)'));
$smarty->display("nodeedit.tpl");
elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================
$sql = "SELECT node_id AS id, node_ip AS ip, asset_id FROM node WHERE node_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$smarty->assign("node", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("nodedel.tpl");
else:
// ========== ERROR UNKNOWN VARIANT ===========================================
echo "<p>Unknown function call: Please report to system development!</p>\n";
endif; // $action == ...
// ========== END OF VARIANTS =================================================
$smarty->display('footer.tpl');