<?php
/*****************************************************************************
IP Reg, a PHP/MySQL IPAM tool
Copyright (C) 2007-2009 Wietse Warendorff (up to v0.5)
Copyright (C) 2011-2023 Thomas Hooge

SPDX-License-Identifier: GPL-3.0-or-later
*****************************************************************************/

include("includes.php");

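// This script only acts on form posts; anything else is bounced back to the
// comments page. $comments is never assigned before this point in this file,
// so the original redirect carried an empty value — fall back to the same
// "error" marker the end of the file uses.
// NOTE(review): no CSRF token check and no authorization check are visible in
// this file; every add/del/edit branch below assumes includes.php has already
// established an authenticated session — confirm before relying on it.
if ($_SERVER['REQUEST_METHOD'] !== "POST") {
    header_location("comments.php?comments=" . (empty($comments) ? "error" : $comments));
    exit;
}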

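if (isset($_POST['redirect'])) {
    // "redirect" posts change no data; they only forward the user to the
    // add/delete page of a relation, carrying the selected ids along as query
    // parameters. Each route lists the id fields to forward (in query order)
    // and the action -> target script pairs it accepts.
    $routes = [
        "assigniptonode" => [
            ['subnet_id', 'node_ip'],
            ["assignnodetoasset" => "assignnodetoasset.php", "nodeadd" => "nodeadd.php"],
        ],
        "locationsubnet" => [
            ['location_id'],
            ["locationsubnetadd" => "locationsubnetadd.php", "locationsubnetdel" => "locationsubnetdel.php"],
        ],
        "nat" => [
            ['node_id'],
            ["natadd" => "natadd.php", "natdel" => "natdel.php"],
        ],
        "subnetlocation" => [
            ['subnet_id'],
            ["subnetlocationadd" => "subnetlocationadd.php", "subnetlocationdel" => "subnetlocationdel.php"],
        ],
        "subnetvlan" => [
            ['subnet_id'],
            ["subnetvlanadd" => "subnetvlanadd.php", "subnetvlandel" => "subnetvlandel.php"],
        ],
        "vlansubnet" => [
            ['vlan_id'],
            ["vlansubnetadd" => "vlansubnetadd.php", "vlansubnetdel" => "vlansubnetdel.php"],
        ],
    ];

    $redirect = $_POST['redirect'];
    $action = $_POST['action'] ?? '';

    // is_string() guards keep an array-valued field from becoming an illegal
    // array offset; an unknown redirect/action pair simply does not redirect
    // and falls through to the error redirect at the end of the file.
    if (is_string($redirect) && is_string($action)
        && isset($routes[$redirect]) && isset($routes[$redirect][1][$action])) {
        [$fields, $targets] = $routes[$redirect];

        $query = [];
        foreach ($fields as $field) {
            // URL-encode each forwarded value so a stray "&" or "=" in a posted
            // value cannot add or override parameters on the target page.
            $query[] = $field . "=" . rawurlencode(sanitize($_POST[$field] ?? ''));
        }

        header_location($targets[$action] . "?" . implode("&", $query));
    }
}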

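if (isset($_POST['add'])) {
    // Create a record (or a relation between records) from the posted form and
    // redirect to the view page of what was created. Every value passes
    // through sanitize() from includes.php and is bound as a prepared-statement
    // parameter, so no input is interpolated into SQL. An unknown "add" value
    // matches no case and falls through to the error redirect at the end of
    // the file.
    // NOTE(review): $config_dns1suffix / $config_dns2suffix are not defined in
    // this file; they are expected to come from includes.php — confirm.
    switch ($_POST['add']) {

        case "asset":
            $name = sanitize($_POST['asset_name']);
            $hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $info = sanitize($_POST['asset_info']);

            $sql = "INSERT INTO asset
                        (asset_name, asset_hostname, assetclass_id, asset_info)
                    VALUE 
                        (?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $hostname, $assetclass_id, $info]);

            header_location("assetview.php?asset_id=" . $dbh->lastInsertId());
            break;

        case "assetclass":
            $assetclass_name = sanitize($_POST['assetclass_name']);
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);

            $sql = "INSERT INTO assetclass
                          (assetclass_name, assetclassgroup_id)
                VALUE
                    (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$assetclass_name, $assetclassgroup_id]);

            header_location("assetclassview.php?assetclass_id=" . $dbh->lastInsertId());
            break;

        case "assetclassgroup":
            $name = sanitize($_POST['acg_name']);
            // The colour is reduced to upper-case alphanumerics (a hex value).
            $color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));
            $desc = sanitize($_POST['acg_description']);

            $sql = "INSERT INTO assetclassgroup
                        (assetclassgroup_name, assetclassgroup_color, assetclassgroup_description)
                    VALUE
                        (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $color, $desc]);

            header_location("assetclassgroupview.php?assetclassgroup_id=" . $dbh->lastInsertId());
            break;

        case "assignnodetoasset":
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $asset_id = sanitize($_POST['asset_id']);
            $node_mac = strip_mac(sanitize($_POST['node_mac']));

            // The configured DNS suffix is appended only when a name was given
            // and the matching "append suffix" checkbox was ticked.
            // NOTE(review): this form posts the checkbox as node_dns1suffix /
            // node_dns2suffix while the "node" form below posts dns1suffix /
            // dns2suffix — confirm the field names against the templates.
            $node_dns1 = sanitize($_POST['node_dns1']);
            if (!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix'])) {
                $node_dns1 .= $config_dns1suffix;
            }
            $node_dns2 = sanitize($_POST['node_dns2']);
            if (!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) {
                $node_dns2 .= $config_dns2suffix;
            }
            // Previously stored raw; now treated like every other text field.
            $node_info = sanitize($_POST['node_info']);

            $sql = "INSERT INTO node (
                        node_ip,
                        node_mac,
                        node_dns1,
                        node_dns2,
                        subnet_id,
                        asset_id,
                        node_info)
                    VALUE
                        (?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$node_ip, $node_mac, $node_dns1, $node_dns2,
                           $subnet_id, $asset_id, $node_info]);

            header_location("nodeview.php?node_id=" . $dbh->lastInsertId());
            break;

        // Three forms create the same location<->subnet link; they differ only
        // in which side the user returns to afterwards.
        case "assignlocationtosubnet":
        case "locationsubnet":
        case "subnetlocation":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);

            $sql = "INSERT INTO subnetlocation (location_id, subnet_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_id, $subnet_id]);

            // "assignlocationtosubnet" formerly redirected to the malformed
            // target "Location: location.php?location_id=<lastInsertId of the
            // link table>"; it now returns to the location page like
            // "locationsubnet" does.
            header_location($_POST['add'] === "subnetlocation"
                ? "subnetview.php?subnet_id=" . $subnet_id
                : "locationview.php?location_id=" . $location_id);
            break;

        case "assignsubnettovlan":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);

            $sql = "UPDATE subnet SET vlan_id=? WHERE subnet_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_id, $subnet_id]);

            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "location":
            $name = sanitize($_POST['location_name']);
            $parent = sanitize($_POST['location_parent']);
            $info = sanitize($_POST['location_info']);

            $sql = "INSERT INTO location (
                        location_name, location_parent, location_info
                    )
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$name, $parent, $info]);

            header_location("locationview.php?location_id=" . $dbh->lastInsertId());
            break;

        case "nat":
            $node_id_ext = sanitize($_POST['node_id_ext']);
            $node_id_int = sanitize($_POST['node_id_int']);
            $nat_type = sanitize($_POST['nat_type']);

            $sql = "INSERT INTO nat (nat_ext, nat_int, nat_type)
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$node_id_ext, $node_id_int, $nat_type]);

            header_location("nodeview.php?node_id=" . $node_id_ext);
            break;

        case "node":
            $asset_name = sanitize($_POST['asset_name']);
            $asset_hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $ip = sanitize($_POST['node_ip']);
            $mac = strip_mac(sanitize($_POST['node_mac']));

            // Same suffix rule as "assignnodetoasset" above (see the note there
            // about the differing checkbox field names).
            $dns1 = sanitize($_POST['node_dns1']);
            if (!empty($_POST['node_dns1']) && isset($_POST['dns1suffix'])) {
                $dns1 .= $config_dns1suffix;
            }
            $dns2 = sanitize($_POST['node_dns2']);
            if (!empty($_POST['node_dns2']) && isset($_POST['dns2suffix'])) {
                $dns2 .= $config_dns2suffix;
            }
            $node_info = sanitize($_POST['node_info']);
            // Previously stored raw; now sanitized like the other ids.
            $subnet_id = sanitize($_POST['subnet_id']);

            // A node always belongs to an asset, so the asset is created first
            // and its new id is linked into the node row.
            // NOTE(review): the two inserts are not wrapped in a transaction; a
            // failure on the second leaves an orphan asset behind.
            $sql = "INSERT INTO asset (asset_name, asset_hostname, assetclass_id)
                       VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$asset_name, $asset_hostname, $assetclass_id]);
            $asset_id = $dbh->lastInsertId();

            $sql = "INSERT INTO node (
                        node_ip, node_mac, node_dns1, node_dns2, node_info,
                        subnet_id, asset_id
                    )
                    VALUE (?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$ip, $mac, $dns1, $dns2, $node_info, $subnet_id, $asset_id]);

            header_location("nodeview.php?node_id=" . $dbh->lastInsertId());
            break;

        case "subnet":
            $subnet_address = sanitize($_POST['subnet_address']);
            $subnet_mask = sanitize($_POST['subnet_mask']);
            $subnet_info = sanitize($_POST['subnet_info']);

            $sql = "INSERT INTO subnet (subnet_address, subnet_mask, subnet_info)
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_address, $subnet_mask, $subnet_info]);

            header_location("subnetview.php?subnet_id=" . $dbh->lastInsertId());
            break;

        // Two forms create the same subnet<->vlan link; the return page differs.
        case "subnetvlan":
        case "vlansubnet":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);

            $sql = "INSERT INTO subnetvlan (subnet_id, vlan_id)
                    VALUE (?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_id, $vlan_id]);

            header_location($_POST['add'] === "vlansubnet"
                ? "vlanview.php?vlan_id=" . $vlan_id
                : "subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "user":
            $user_name = strtolower(sanitize($_POST['user_name']));
            $user_displayname = sanitize($_POST['user_displayname']);
            // Stored as a password_hash() digest so that the password_verify()
            // check in the "optionspassword" edit branch can succeed; the md5()
            // value written before could never pass that check. sanitize() is
            // applied before hashing because the verify branch does the same.
            // NOTE(review): confirm the login path also uses password_verify().
            $user_password = password_hash(sanitize($_POST['user_password']), PASSWORD_BCRYPT);

            // Refuse a name that is already taken.
            // NOTE(review): this check-then-insert is not atomic; a UNIQUE index
            // on user_name is the real guarantee — confirm the schema has one.
            $sth = $dbh->prepare("SELECT COUNT(*) FROM user WHERE user_name=?");
            $sth->execute([$user_name]);

            if ((int) $sth->fetchColumn() > 0) {
                // No redirect here: the fallback at the end of the file reports it.
                $comments = "usernameinuse";
                break;
            }

            $sql = "INSERT INTO user (user_name, user_displayname, user_pass)
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$user_name, $user_displayname, $user_password]);

            header_location("userview.php?user_id=" . $dbh->lastInsertId());
            break;

        case "vlan":
            $vlan_name = sanitize($_POST['vlan_name']);
            $vlan_number = sanitize($_POST['vlan_number']);
            $vlan_info = sanitize($_POST['vlan_info']);

            $sql = "INSERT INTO vlan (vlan_name, vlan_number, vlan_info)
                    VALUE (?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_name, $vlan_number, $vlan_info]);

            header_location("vlanview.php?vlan_id=" . $dbh->lastInsertId());
            break;

        case "zone":
            $zone_origin = sanitize($_POST['zone_origin']);
            $zone_ttl_default = sanitize($_POST['zone_ttl_default']);
            $zone_soa = sanitize($_POST['zone_soa']);
            $zone_hostmaster = sanitize($_POST['zone_hostmaster']);
            $zone_refresh = sanitize($_POST['zone_refresh']);
            $zone_retry = sanitize($_POST['zone_retry']);
            $zone_expire = sanitize($_POST['zone_expire']);
            $zone_ttl = sanitize($_POST['zone_ttl']);
            $zone_serial = sanitize($_POST['zone_serial']);
            $zone_ns1 = sanitize($_POST['zone_ns1']);
            $zone_ns2 = sanitize($_POST['zone_ns2']);
            $zone_ns3 = sanitize($_POST['zone_ns3']);
            $zone_mx1 = sanitize($_POST['zone_mx1']);
            $zone_mx2 = sanitize($_POST['zone_mx2']);
            $zone_info = sanitize($_POST['zone_info']);

            $sql = "INSERT INTO zone (
                        zone_origin, zone_ttl_default, zone_soa, zone_hostmaster,
                        zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial,
                        zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info)
                    VALUE (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
            $sth = $dbh->prepare($sql);
            $sth->execute([$zone_origin, $zone_ttl_default, $zone_soa, $zone_hostmaster,
                           $zone_refresh, $zone_retry, $zone_expire, $zone_ttl, $zone_serial,
                           $zone_ns1, $zone_ns2, $zone_ns3, $zone_mx1, $zone_mx2, $zone_info]);

            header_location("zoneview.php?zone_id=" . $dbh->lastInsertId());
            break;
    }
}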

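if (isset($_POST['del'])) {
    // Delete a record (or a relation) identified by the posted id(s) and
    // redirect to the list or owning page. Ids are sanitized and bound as
    // prepared-statement parameters. An unknown "del" value matches no case
    // and falls through to the error redirect at the end of the file.
    // NOTE(review): there is no ownership or existence check on the ids; any
    // authenticated user can delete any row by id — confirm that is intended.
    switch ($_POST['del']) {

        case "asset":
            $asset_id = sanitize($_POST['asset_id']);

            // Nodes hang off the asset, so they are removed with it.
            // NOTE(review): the two deletes run outside a transaction.
            $sth = $dbh->prepare("DELETE FROM asset WHERE asset_id=?");
            $sth->execute([$asset_id]);

            $sth = $dbh->prepare("DELETE FROM node WHERE asset_id=?");
            $sth->execute([$asset_id]);

            header_location("asset.php");
            break;

        case "assetclass":
            $assetclass_id = sanitize($_POST['assetclass_id']);

            $sth = $dbh->prepare("DELETE FROM assetclass WHERE assetclass_id=?");
            $sth->execute([$assetclass_id]);

            header_location("assetclass.php");
            break;

        case "assetclassgroup":
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);

            $sth = $dbh->prepare("DELETE FROM assetclassgroup WHERE assetclassgroup_id=?");
            $sth->execute([$assetclassgroup_id]);

            header_location("assetclassgroup.php");
            break;

        case "location":
            $location_id = sanitize($_POST['location_id']);

            $sth = $dbh->prepare("DELETE FROM location WHERE location_id=?");
            $sth->execute([$location_id]);

            header_location("location.php");
            break;

        case "locationsubnet":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);

            $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
            $sth->execute([$location_id, $subnet_id]);

            header_location("locationview.php?location_id=" . $location_id);
            break;

        case "nat":
            $nat_id = sanitize($_POST['nat_id']);
            $node_id_ext = sanitize($_POST['node_id_ext']);

            $sth = $dbh->prepare("DELETE FROM nat WHERE nat_id=?");
            $sth->execute([$nat_id]);

            header_location("nodeview.php?node_id=" . $node_id_ext);
            break;

        case "node":
            $node_id = sanitize($_POST['node_id']);

            // The asset to return to is read before the row disappears; the
            // redirect previously used an $asset_id that was never assigned in
            // this branch and therefore always sent the user to an empty id.
            $sth = $dbh->prepare("SELECT asset_id FROM node WHERE node_id=?");
            $sth->execute([$node_id]);
            $asset_id = $sth->fetchColumn();

            $sth = $dbh->prepare("DELETE FROM node WHERE node_id=?");
            $sth->execute([$node_id]);

            header_location("assetview.php?asset_id=" . $asset_id);
            break;

        case "subnet":
            $subnet_id = sanitize($_POST['subnet_id']);

            // Nodes in the subnet go with it.
            // NOTE(review): the two deletes run outside a transaction.
            $sth = $dbh->prepare("DELETE FROM subnet WHERE subnet_id=?");
            $sth->execute([$subnet_id]);

            $sth = $dbh->prepare("DELETE FROM node WHERE subnet_id=?");
            $sth->execute([$subnet_id]);

            header_location("subnet.php");
            break;

        case "subnetlocation":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);

            $sth = $dbh->prepare("DELETE FROM subnetlocation WHERE location_id=? AND subnet_id=?");
            $sth->execute([$location_id, $subnet_id]);

            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "subnetvlan":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);

            $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
            $sth->execute([$subnet_id, $vlan_id]);

            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "user":
            $user_id = sanitize($_POST['user_id']);

            $sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
            $sth->execute([$user_id]);

            header_location("user.php");
            break;

        case "vlan":
            $vlan_id = sanitize($_POST['vlan_id']);

            // The placeholder was missing from this statement ("vlan_id="),
            // so the delete could never execute.
            $sth = $dbh->prepare("DELETE FROM vlan WHERE vlan_id=?");
            $sth->execute([$vlan_id]);

            header_location("vlan.php");
            break;

        case "vlansubnet":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);

            $sth = $dbh->prepare("DELETE FROM subnetvlan WHERE subnet_id=? AND vlan_id=?");
            $sth->execute([$subnet_id, $vlan_id]);

            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;

        case "zone":
            $zone_id = sanitize($_POST['zone_id']);

            $sth = $dbh->prepare("DELETE FROM zone WHERE zone_id=?");
            $sth->execute([$zone_id]);

            header_location("zone.php");
            break;
    }
}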

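if (isset($_POST['edit'])) {
    // Update an existing record from the posted form and redirect to its view
    // page. Values are sanitized and bound as prepared-statement parameters.
    // The two "options*" cases act on the logged-in user ($_SESSION['suser_id'])
    // rather than on a posted id. An unknown "edit" value matches no case and
    // falls through to the error redirect at the end of the file.
    switch ($_POST['edit']) {

        case "asset":
            $asset_id = sanitize($_POST['asset_id']);
            $asset_name = sanitize($_POST['asset_name']);
            $asset_info = sanitize($_POST['asset_info']);
            $asset_hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);

            $sql = "UPDATE asset SET
                        asset_name=?, asset_info=?, asset_hostname=?,
                        assetclass_id=?
                    WHERE asset_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$asset_name, $asset_info, $asset_hostname, $assetclass_id, $asset_id]);

            header_location("assetview.php?asset_id=" . $asset_id);
            // This break was missing: if header_location() returns, control
            // fell into the "assetclass" case and ran its UPDATE against this
            // form's assetclass_id with an undefined name and group.
            break;

        case "assetclass":
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $assetclass_name = sanitize($_POST['assetclass_name']);
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);

            $sql = "UPDATE assetclass SET
                        assetclass_name=?, assetclassgroup_id=?
                    WHERE assetclass_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$assetclass_name, $assetclassgroup_id, $assetclass_id]);

            header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
            break;

        case "assetclassgroup":
            $acg_id = sanitize($_POST['acg_id']);
            $acg_name = sanitize($_POST['acg_name']);
            $acg_desc = sanitize($_POST['acg_description']);
            // The colour is reduced to upper-case alphanumerics (a hex value).
            $acg_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['acg_color'])));

            $sql = "UPDATE assetclassgroup SET
                        assetclassgroup_name=?, assetclassgroup_color=?, assetclassgroup_description=?
                    WHERE assetclassgroup_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$acg_name, $acg_color, $acg_desc, $acg_id]);

            header_location("assetclassgroupview.php?assetclassgroup_id=" . $acg_id);
            break;

        case "location":
            $location_id = sanitize($_POST['location_id']);
            $location_name = sanitize($_POST['location_name']);
            $location_info = sanitize($_POST['location_info']);
            $parentlocation_id = sanitize($_POST['parentlocation_id']);

            $sql = "UPDATE location SET
                        location_name=?, location_parent=?, location_info=?
                WHERE location_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$location_name, $parentlocation_id, $location_info, $location_id]);

            header_location("locationview.php?location_id=" . $location_id);
            break;

        case "node":
            $node_id = sanitize($_POST['node_id']);
            $asset_id = sanitize($_POST['asset_id']);
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $node_mac = strip_mac(sanitize($_POST['node_mac']));
            $node_dns1 = sanitize($_POST['node_dns1']);
            $node_dns2 = sanitize($_POST['node_dns2']);
            $node_info = sanitize($_POST['node_info']);
            $zone_id = sanitize($_POST['zone_id']);

            $sql = "UPDATE node SET
                        asset_id=?, node_ip=?, subnet_id=?, node_mac=?,
                        node_dns1=?, node_dns2=?, node_info=?, zone_id=?
                    WHERE node_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$asset_id, $node_ip, $subnet_id, $node_mac,
                           $node_dns1, $node_dns2, $node_info, $zone_id,
                           $node_id]);

            header_location("nodeview.php?node_id=" . $node_id);
            break;

        case "optionsdisplay":
            // Display preferences of the logged-in user; they are written to
            // the database and mirrored into the session so the change takes
            // effect on the next page.
            $id = $_SESSION['suser_id'];
            // Previously stored and put into the session unsanitized.
            $language = sanitize($_POST['user_language']);
            $imagesize = sanitize($_POST['user_imagesize']);
            $imagecount = sanitize($_POST['user_imagecount']);
            $mac = sanitize($_POST['user_mac']);
            $dateformat = sanitize($_POST['user_dateformat']);
            $dns1suffix = sanitize($_POST['user_dns1suffix']);
            $dns2suffix = sanitize($_POST['user_dns2suffix']);
            $menu_assets = sanitize($_POST['user_menu_assets']);
            $menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
            $menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
            $menu_locations = sanitize($_POST['user_menu_locations']);
            $menu_nodes = sanitize($_POST['user_menu_nodes']);
            $menu_subnets = sanitize($_POST['user_menu_subnets']);
            $menu_users = sanitize($_POST['user_menu_users']);
            $menu_vlans = sanitize($_POST['user_menu_vlans']);
            $menu_zones = sanitize($_POST['user_menu_zones']);
            $tooltips = sanitize($_POST['user_tooltips']);

            $sql = "UPDATE user SET
                    user_language=?, user_imagesize=?, user_imagecount=?, user_mac=?, user_dateformat=?,
                    user_dns1suffix=?, user_dns2suffix=?, user_menu_assets=?, user_menu_assetclasses=?,
                    user_menu_assetclassgroups=?, user_menu_locations=?, user_menu_nodes=?,
                    user_menu_subnets=?, user_menu_users=?, user_menu_vlans=?, user_menu_zones=?,
                    user_tooltips=?
                WHERE
                    user_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$language, $imagesize, $imagecount, $mac, $dateformat,
                           $dns1suffix, $dns2suffix, $menu_assets, $menu_assetclasses,
                           $menu_assetclassgroups, $menu_locations, $menu_nodes,
                           $menu_subnets, $menu_users, $menu_vlans, $menu_zones,
                           $tooltips, $id]);

            $_SESSION['suser_language'] = $language;
            $_SESSION['suser_imagesize'] = $imagesize;
            $_SESSION['suser_imagecount'] = $imagecount;
            $_SESSION['suser_mac'] = $mac;
            $_SESSION['suser_dateformat'] = $dateformat;
            $_SESSION['suser_dns1suffix'] = $dns1suffix;
            $_SESSION['suser_dns2suffix'] = $dns2suffix;
            $_SESSION['suser_menu_assets'] = $menu_assets;
            $_SESSION['suser_menu_assetclasses'] = $menu_assetclasses;
            $_SESSION['suser_menu_assetclassgroups'] = $menu_assetclassgroups;
            $_SESSION['suser_menu_locations'] = $menu_locations;
            $_SESSION['suser_menu_nodes'] = $menu_nodes;
            $_SESSION['suser_menu_subnets'] = $menu_subnets;
            $_SESSION['suser_menu_users'] = $menu_users;
            $_SESSION['suser_menu_vlans'] = $menu_vlans;
            $_SESSION['suser_menu_zones'] = $menu_zones;
            $_SESSION['suser_tooltips'] = $tooltips;

            header_location("options.php");
            break;

        case "optionspassword":
            // Password change for the logged-in user: requires the current
            // password, matching confirmation, and a non-empty new password.
            // On any failure no redirect happens and the generic error page
            // is shown by the fallback at the end of the file.
            $user_id = $_SESSION['suser_id'];
            $currentpass = sanitize($_POST['user_currentpass']);
            $newpass1 = sanitize($_POST['user_newpass1']);
            $newpass2 = sanitize($_POST['user_newpass2']);

            $sth = $dbh->prepare("SELECT user_pass FROM user WHERE user_id=?");
            $sth->execute([$user_id]);
            $userpass = $sth->fetchColumn();

            // fetchColumn() yields false when no row matched; password_verify()
            // needs a string, so that case is rejected explicitly.
            if ($userpass !== false
                && password_verify($currentpass, (string) $userpass)
                && $newpass1 === $newpass2
                && $newpass1 !== '') {
                $newhash = password_hash($newpass1, PASSWORD_BCRYPT);
                $sth = $dbh->prepare("UPDATE user SET user_pass=? WHERE user_id=?");
                $sth->execute([$newhash, $user_id]);
                header_location("options.php");
            }
            // TODO generate errormessages here
            break;

        case "subnet":
            $subnet_id = sanitize($_POST['subnet_id']);
            $subnet_address = sanitize($_POST['subnet_address']);
            $subnet_proto_vers = sanitize($_POST['subnet_proto_vers']);
            $subnet_mask = sanitize($_POST['subnet_mask']);
            $subnet_dhcpstart = sanitize($_POST['subnet_dhcpstart']);
            $subnet_dhcpend = sanitize($_POST['subnet_dhcpend']);
            $subnet_ntp_server = sanitize($_POST['subnet_ntp_server']);
            $subnet_info = sanitize($_POST['subnet_info']);

            $sql = "UPDATE subnet SET
                        subnet_address=?, subnet_mask=?, subnet_dhcp_start=?,
                        subnet_dhcp_end=?, subnet_info=?, protocol_version=?,
                        ntp_server=?
                    WHERE subnet_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$subnet_address, $subnet_mask, $subnet_dhcpstart,
                           $subnet_dhcpend, $subnet_info, $subnet_proto_vers,
                           $subnet_ntp_server, $subnet_id]);

            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "user":
            $user_id = sanitize($_POST['user_id']);
            $user_name = sanitize($_POST['user_name']);
            $user_displayname = sanitize($_POST['user_displayname']);
            $user_realm = sanitize($_POST['user_realm']);

            $sql = "UPDATE user SET user_name=?, user_displayname=?, user_realm=? WHERE user_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$user_name, $user_displayname, $user_realm, $user_id]);

            header_location("userview.php?user_id=" . $user_id);
            break;

        case "vlan":
            $vlan_id = sanitize($_POST['vlan_id']);
            $vlan_name = sanitize($_POST['vlan_name']);
            $vlan_number = sanitize($_POST['vlan_number']);
            $vlan_info = sanitize($_POST['vlan_info']);

            $sql = "UPDATE vlan SET vlan_name=?, vlan_number=?, vlan_info=? WHERE vlan_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$vlan_name, $vlan_number, $vlan_info, $vlan_id]);

            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;

        case "zone":
            $id = sanitize($_POST['zone_id']);
            $origin = sanitize($_POST['zone_origin']);
            $ttl_default = sanitize($_POST['zone_ttl_default']);
            $soa = sanitize($_POST['zone_soa']);
            $hostmaster = sanitize($_POST['zone_hostmaster']);
            $refresh = sanitize($_POST['zone_refresh']);
            $retry = sanitize($_POST['zone_retry']);
            $expire = sanitize($_POST['zone_expire']);
            $ttl = sanitize($_POST['zone_ttl']);
            $serial = sanitize($_POST['zone_serial']);
            $ns1 = sanitize($_POST['zone_ns1']);
            $ns2 = sanitize($_POST['zone_ns2']);
            $ns3 = sanitize($_POST['zone_ns3']);
            $mx1 = sanitize($_POST['zone_mx1']);
            $mx2 = sanitize($_POST['zone_mx2']);
            $info = sanitize($_POST['zone_info']);

            $sql = "UPDATE zone SET
                        zone_origin=?, zone_ttl_default=?, zone_soa=?, zone_hostmaster=?,
                        zone_refresh=?, zone_retry=?, zone_expire=?, zone_ttl=?, zone_serial=?,
                        zone_ns1=?, zone_ns2=?, zone_ns3=?, zone_mx1=?, zone_mx2=?, zone_info=?
                    WHERE zone_id=?";
            $sth = $dbh->prepare($sql);
            $sth->execute([$origin, $ttl_default, $soa, $hostmaster, $refresh, $retry,
                           $expire, $ttl, $serial, $ns1, $ns2, $ns3, $mx1, $mx2, $info,
                           $id]);

            // The redirect previously used $zone_id, which this case never
            // assigns; the posted id lives in $id.
            header_location("zoneview.php?zone_id=" . $id);
            break;
    }
}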

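// Still here, so no branch above redirected: either no known
// redirect/add/del/edit command was posted, or a branch set $comments
// (e.g. "usernameinuse") instead of redirecting. Report a generic error
// unless a branch left a more specific message.
if (empty($comments)) {
    $comments = "error";
}
header_location("comments.php?comments=" . $comments);
// No closing "?>": this file is PHP only, and a stray newline after a closing
// tag would be sent as output before the Location header.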