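db_insert($query);
            header_location("assetview.php?asset_id=" . $asset_id);
            break;

        // Every statement in this dispatcher is assembled by string interpolation, so its
        // safety depends entirely on sanitize(), which is defined outside this part of the file.
        // NOTE(review): the db_* helpers used here take a finished SQL string; switching them
        // to prepared statements with bound parameters would remove that dependency.
        // NOTE(review): no login, permission or CSRF-token check is visible in this part of
        // the file - confirm one runs before these add/del/edit handlers are reached.

        case "assetclass":
            $assetclass_name = sanitize($_POST['assetclass_name']);
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
            $query = "INSERT INTO assetclass( assetclass_name, assetclassgroup_id ) VALUE ( '$assetclass_name', '$assetclassgroup_id' )";
            $assetclass_id = $db->db_insert($query);
            header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
            break;

        case "assetclassgroup":
            $assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
            // The colour is reduced to upper-case letters and digits before it is stored.
            $assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
            $query = "INSERT INTO assetclassgroup( assetclassgroup_name, assetclassgroup_color ) VALUE ( '$assetclassgroup_name', '$assetclassgroup_color' )";
            $assetclassgroup_id = $db->db_insert($query);
            header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
            break;

        case "assignnodetoasset":
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $asset_id = sanitize($_POST['asset_id']);
            $node_mac = strip_mac(sanitize($_POST['node_mac']));
            // Append the configured DNS suffix only when a name was given and the suffix box was sent.
            // NOTE(review): this case tests node_dns1suffix/node_dns2suffix while the "node" case
            // tests dns1suffix/dns2suffix - confirm both match their forms.
            $node_dns1 = sanitize($_POST['node_dns1']);
            if (!empty($_POST['node_dns1']) && isset($_POST['node_dns1suffix'])) {
                $node_dns1 .= $config_dns1suffix;
            }
            $node_dns2 = sanitize($_POST['node_dns2']);
            if (!empty($_POST['node_dns2']) && isset($_POST['node_dns2suffix'])) {
                $node_dns2 .= $config_dns2suffix;
            }
            // node_info used to reach the INSERT straight from $_POST; it now goes through
            // sanitize() like every other field (and like node_info in the "node" cases).
            $node_info = sanitize($_POST['node_info']);
            $query = "INSERT INTO node( node_ip, node_mac, node_dns1, node_dns2, subnet_id, asset_id, node_info ) "
                . "VALUE ( '$node_ip', '$node_mac', '$node_dns1', '$node_dns2', '$subnet_id', '$asset_id', '$node_info' )";
            $node_id = $db->db_insert($query);
            header_location("nodeview.php?node_id=" . $node_id);
            break;

        case "assignlocationtosubnet":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $query = "INSERT INTO subnetlocation( location_id, subnet_id ) VALUE ( '$location_id', '$subnet_id' )";
            $db->db_insert($query);
            // Every other call passes header_location() a bare URL; the stray "Location: "
            // prefix that was here would have ended up inside the redirect target.
            header_location("location.php");
            break;

        case "assignsubnettovlan":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $query = "UPDATE subnet SET vlan_id='$vlan_id' WHERE subnet_id='$subnet_id'";
            $db->db_update($query);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "location":
            $location_name = sanitize($_POST['location_name']);
            $location_parent = sanitize($_POST['location_parent']);
            $location_info = sanitize($_POST['location_info']);
            $query = "INSERT INTO location( location_name, location_parent, location_info ) VALUE ( '$location_name', '$location_parent', '$location_info' )";
            $location_id = $db->db_insert($query);
            header_location("locationview.php?location_id=" . $location_id);
            break;

        case "locationsubnet":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $query = "INSERT INTO subnetlocation( location_id, subnet_id ) VALUE ( '$location_id', '$subnet_id' )";
            $newid = $db->db_insert($query);
            header_location("locationview.php?location_id=" . $location_id);
            break;

        case "nat":
            $node_id_ext = sanitize($_POST['node_id_ext']);
            $node_id_int = sanitize($_POST['node_id_int']);
            $nat_type = sanitize($_POST['nat_type']);
            $query = "INSERT INTO nat( nat_ext, nat_int, nat_type ) VALUE ( '$node_id_ext', '$node_id_int', '$nat_type' )";
            $db->db_insert($query);
            header_location("nodeview.php?node_id=" . $node_id_ext);
            break;

        case "node":
            // Creates the asset first, then the node that points at it.
            $asset_name = sanitize($_POST['asset_name']);
            $asset_hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $ip = sanitize($_POST['node_ip']);
            $mac = strip_mac(sanitize($_POST['node_mac']));
            $dns1 = sanitize($_POST['node_dns1']);
            if (!empty($_POST['node_dns1']) && isset($_POST['dns1suffix'])) {
                $dns1 .= $config_dns1suffix;
            }
            $dns2 = sanitize($_POST['node_dns2']);
            if (!empty($_POST['node_dns2']) && isset($_POST['dns2suffix'])) {
                $dns2 .= $config_dns2suffix;
            }
            $node_info = sanitize($_POST['node_info']);
            // subnet_id used to be copied raw from $_POST into the second INSERT.
            $subnet_id = sanitize($_POST['subnet_id']);
            $query = "INSERT INTO asset( asset_name, asset_hostname, assetclass_id ) VALUE ( '$asset_name', '$asset_hostname', '$assetclass_id' )";
            $asset_id = $db->db_insert($query);
            $query = "INSERT INTO node( node_ip, node_mac, node_dns1, node_dns2, node_info, subnet_id, asset_id ) "
                . "VALUE ( '$ip', '$mac', '$dns1', '$dns2', '$node_info', '$subnet_id', '$asset_id' )";
            $node_id = $db->db_insert($query);
            header_location("nodeview.php?node_id=" . $node_id);
            break;

        case "subnet":
            $subnet_address = sanitize($_POST['subnet_address']);
            $subnet_mask = sanitize($_POST['subnet_mask']);
            $subnet_info = sanitize($_POST['subnet_info']);
            $query = "INSERT INTO subnet( subnet_address, subnet_mask, subnet_info ) VALUE ( '$subnet_address', '$subnet_mask', '$subnet_info' )";
            $subnet_id = $db->db_insert($query);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "subnetlocation":
            $location_id = sanitize($_POST['location_id']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $query = "INSERT INTO subnetlocation( location_id, subnet_id ) VALUE ( '$location_id', '$subnet_id' )";
            $db->db_insert($query);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "subnetvlan":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $query = "INSERT INTO subnetvlan( subnet_id, vlan_id ) VALUE ( '$subnet_id', '$vlan_id' )";
            $db->db_insert($query);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "user":
            $user_name = strtolower(sanitize($_POST['user_name']));
            $user_displayname = sanitize($_POST['user_displayname']);
            $query = "SELECT user_name FROM user WHERE user_name='$user_name'";
            $users = $db->db_select($query);
            $user_counter = count($users);
            if ($user_counter == 0) {
                // Store the same hash format the "optionspassword" case verifies and writes
                // (password_hash/password_verify). This line used to store md5(), which
                // password_verify() cannot validate and which is unsuitable for passwords.
                // sanitize() stays in front of the hash because the change-password path
                // applies it too, so both paths hash the same string.
                // NOTE(review): confirm the login page verifies with password_verify(), and
                // plan a reset for any rows that still hold MD5 values.
                $user_password = password_hash(sanitize($_POST['user_password']), PASSWORD_BCRYPT);
                $query = "INSERT INTO user( user_name, user_displayname, user_pass ) VALUE ( '$user_name', '$user_displayname', '$user_password' )";
                $user_id = $db->db_insert($query);
                header_location("userview.php?user_id=" . $user_id);
            }
            // Reported through the final comments.php redirect when the name is already taken.
            $comments = "usernameinuse";
            break;

        case "vlan":
            $vlan_name = sanitize($_POST['vlan_name']);
            $vlan_number = sanitize($_POST['vlan_number']);
            $vlan_info = sanitize($_POST['vlan_info']);
            $query = "INSERT INTO vlan( vlan_name, vlan_number, vlan_info ) VALUE ( '$vlan_name', '$vlan_number', '$vlan_info' )";
            $vlan_id = $db->db_insert($query);
            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;

        case "vlansubnet":
            $subnet_id = sanitize($_POST['subnet_id']);
            $vlan_id = sanitize($_POST['vlan_id']);
            $query = "INSERT INTO subnetvlan( subnet_id, vlan_id ) VALUE ( '$subnet_id', '$vlan_id' )";
            $db->db_insert($query);
            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;

        case "zone":
            $zone_origin = sanitize($_POST['zone_origin']);
            $zone_ttl_default = sanitize($_POST['zone_ttl_default']);
            $zone_soa = sanitize($_POST['zone_soa']);
            $zone_hostmaster = sanitize($_POST['zone_hostmaster']);
            $zone_refresh = sanitize($_POST['zone_refresh']);
            $zone_retry = sanitize($_POST['zone_retry']);
            $zone_expire = sanitize($_POST['zone_expire']);
            $zone_ttl = sanitize($_POST['zone_ttl']);
            $zone_serial = sanitize($_POST['zone_serial']);
            $zone_ns1 = sanitize($_POST['zone_ns1']);
            $zone_ns2 = sanitize($_POST['zone_ns2']);
            $zone_ns3 = sanitize($_POST['zone_ns3']);
            $zone_mx1 = sanitize($_POST['zone_mx1']);
            $zone_mx2 = sanitize($_POST['zone_mx2']);
            $zone_info = sanitize($_POST['zone_info']);
            $query = "INSERT INTO zone( zone_origin, zone_ttl_default, zone_soa, zone_hostmaster, "
                . "zone_refresh, zone_retry, zone_expire, zone_ttl, zone_serial, "
                . "zone_ns1, zone_ns2, zone_ns3, zone_mx1, zone_mx2, zone_info ) "
                . "VALUE ( '$zone_origin', '$zone_ttl_default', '$zone_soa', '$zone_hostmaster', "
                . "'$zone_refresh', '$zone_retry', '$zone_expire', '$zone_ttl', '$zone_serial', "
                . "'$zone_ns1', '$zone_ns2', '$zone_ns3', '$zone_mx1', '$zone_mx2', '$zone_info' )";
            $zoneid = $db->db_insert($query);
            header_location("zoneview.php?zone_id=" . $zoneid);
            break;
    }
}

// Delete handlers. Each id is placed in the WHERE clause without quotes, where escaping
// quote characters gives no protection, so every id is forced to an integer before use.
if (isset($_POST['del'])) {
    switch ($_POST['del']) {
        case "asset":
            $asset_id = (int) sanitize($_POST['asset_id']);
            $query = "DELETE FROM asset WHERE asset_id=" . $asset_id;
            $db->db_delete($query);
            // The nodes that belonged to the asset are removed as well.
            $query = "DELETE FROM node WHERE asset_id=" . $asset_id;
            $db->db_delete($query);
            header_location("asset.php");
            break;

        case "assetclass":
            $assetclass_id = (int) sanitize($_POST['assetclass_id']);
            $query = "DELETE FROM assetclass WHERE assetclass_id=" . $assetclass_id;
            $db->db_delete($query);
            header_location("assetclass.php");
            break;

        case "assetclassgroup":
            $assetclassgroup_id = (int) sanitize($_POST['assetclassgroup_id']);
            $query = "DELETE FROM assetclassgroup WHERE assetclassgroup_id=" . $assetclassgroup_id;
            $db->db_delete($query);
            header_location("assetclassgroup.php");
            break;

        case "location":
            $location_id = (int) sanitize($_POST['location_id']);
            $query = "DELETE FROM location WHERE location_id=" . $location_id;
            $db->db_delete($query);
            header_location("location.php");
            break;

        case "locationsubnet":
            $location_id = (int) sanitize($_POST['location_id']);
            $subnet_id = (int) sanitize($_POST['subnet_id']);
            $query = "DELETE FROM subnetlocation WHERE location_id=" . $location_id . " AND subnet_id=" . $subnet_id;
            $db->db_delete($query);
            header_location("locationview.php?location_id=" . $location_id);
            break;

        case "nat":
            $node_id_ext = (int) sanitize($_POST['node_id_ext']);
            $node_id_int = (int) sanitize($_POST['node_id_int']);
            $query = "DELETE FROM nat WHERE nat_ext=" . $node_id_ext . " AND nat_int=" . $node_id_int;
            $db->db_delete($query);
            header_location("nodeview.php?node_id=" . $node_id_ext);
            break;

        case "node":
            $node_id = (int) sanitize($_POST['node_id']);
            // asset_id is only used to build the redirect target.
            $asset_id = (int) sanitize($_POST['asset_id']);
            $query = "DELETE FROM node WHERE node_id=" . $node_id;
            $db->db_delete($query);
            header_location("assetview.php?asset_id=" . $asset_id);
            break;

        case "subnet":
            $subnet_id = (int) sanitize($_POST['subnet_id']);
            $query = "DELETE FROM subnet WHERE subnet_id=" . $subnet_id;
            $db->db_delete($query);
            // The nodes inside the subnet are removed as well.
            $query = "DELETE FROM node WHERE subnet_id=" . $subnet_id;
            $db->db_delete($query);
            header_location("subnet.php");
            break;

        case "subnetlocation":
            $location_id = (int) sanitize($_POST['location_id']);
            $subnet_id = (int) sanitize($_POST['subnet_id']);
            $query = "DELETE FROM subnetlocation WHERE location_id=" . $location_id . " AND subnet_id=" . $subnet_id;
            $db->db_delete($query);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "subnetvlan":
            $subnet_id = (int) sanitize($_POST['subnet_id']);
            $vlan_id = (int) sanitize($_POST['vlan_id']);
            $query = "DELETE FROM subnetvlan WHERE subnet_id=" . $subnet_id . " AND vlan_id=" . $vlan_id;
            $db->db_delete($query);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "user":
            $user_id = (int) sanitize($_POST['user_id']);
            $query = "DELETE FROM user WHERE user_id=" . $user_id;
            $db->db_delete($query);
            header_location("user.php");
            break;

        case "vlan":
            $vlan_id = (int) sanitize($_POST['vlan_id']);
            $query = "DELETE FROM vlan WHERE vlan_id=" . $vlan_id;
            $db->db_delete($query);
            header_location("vlan.php");
            break;

        case "vlansubnet":
            $subnet_id = (int) sanitize($_POST['subnet_id']);
            $vlan_id = (int) sanitize($_POST['vlan_id']);
            $query = "DELETE FROM subnetvlan WHERE subnet_id=" . $subnet_id . " AND vlan_id=" . $vlan_id;
            $db->db_delete($query);
            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;

        case "zone":
            $zone_id = (int) sanitize($_POST['zone_id']);
            $query = "DELETE FROM zone WHERE zone_id=" . $zone_id;
            $db->db_delete($query);
            header_location("zone.php");
            break;
    }
}

// Edit handlers. The row id in each WHERE clause is unquoted and therefore cast to int;
// the quoted column values still rely on sanitize().
if (isset($_POST['edit'])) {
    switch ($_POST['edit']) {
        case "asset":
            $asset_id = (int) sanitize($_POST['asset_id']);
            $asset_name = sanitize($_POST['asset_name']);
            $asset_info = sanitize($_POST['asset_info']);
            $asset_hostname = sanitize($_POST['asset_hostname']);
            $assetclass_id = sanitize($_POST['assetclass_id']);
            $query = "UPDATE asset SET asset_name='$asset_name', asset_info='$asset_info', asset_hostname='$asset_hostname', assetclass_id='$assetclass_id' WHERE asset_id=" . $asset_id;
            $db->db_update($query);
            header_location("assetview.php?asset_id=" . $asset_id);
            // This break was missing. If header_location() ever returns, control would
            // have fallen through into the "assetclass" update below.
            break;

        case "assetclass":
            $assetclass_id = (int) sanitize($_POST['assetclass_id']);
            $assetclass_name = sanitize($_POST['assetclass_name']);
            $assetclassgroup_id = sanitize($_POST['assetclassgroup_id']);
            $query = "UPDATE assetclass SET assetclass_name='$assetclass_name', assetclassgroup_id='$assetclassgroup_id' WHERE assetclass_id=" . $assetclass_id;
            $db->db_update($query);
            header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
            break;

        case "assetclassgroup":
            $assetclassgroup_id = (int) sanitize($_POST['assetclassgroup_id']);
            $assetclassgroup_name = sanitize($_POST['assetclassgroup_name']);
            // The colour is reduced to upper-case letters and digits before it is stored.
            $assetclassgroup_color = preg_replace("|[^a-zA-Z0-9]|", "", strtoupper(sanitize($_POST['assetclassgroup_color'])));
            $query = "UPDATE assetclassgroup SET assetclassgroup_name='$assetclassgroup_name', assetclassgroup_color='$assetclassgroup_color' WHERE assetclassgroup_id=" . $assetclassgroup_id;
            $db->db_update($query);
            header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
            break;

        case "location":
            $location_id = (int) sanitize($_POST['location_id']);
            $location_name = sanitize($_POST['location_name']);
            $location_info = sanitize($_POST['location_info']);
            $parentlocation_id = sanitize($_POST['parentlocation_id']);
            $query = "UPDATE location SET location_name='$location_name', location_parent='$parentlocation_id', location_info='$location_info' WHERE location_id=" . $location_id;
            $db->db_update($query);
            header_location("locationview.php?location_id=" . $location_id);
            break;

        case "node":
            $node_id = (int) sanitize($_POST['node_id']);
            $asset_id = sanitize($_POST['asset_id']);
            $node_ip = sanitize($_POST['node_ip']);
            $subnet_id = sanitize($_POST['subnet_id']);
            $node_mac = strip_mac(sanitize($_POST['node_mac']));
            $node_dns1 = sanitize($_POST['node_dns1']);
            $node_dns2 = sanitize($_POST['node_dns2']);
            $node_info = sanitize($_POST['node_info']);
            $zone_id = sanitize($_POST['zone_id']);
            $query = "UPDATE node SET asset_id='$asset_id', node_ip='$node_ip', subnet_id='$subnet_id', "
                . "node_mac='$node_mac', node_dns1='$node_dns1', node_dns2='$node_dns2', "
                . "node_info='$node_info', zone_id='$zone_id' WHERE node_id=" . $node_id;
            $db->db_update($query);
            header_location("nodeview.php?node_id=" . $node_id);
            break;

        case "optionsdisplay":
            // Always updates the logged-in user's own row; the id comes from the session,
            // not from the request.
            $user_id = (int) $_SESSION['suser_id'];
            // user_language used to be taken raw from $_POST and written both into the
            // query and into the session.
            $user_language = sanitize($_POST['user_language']);
            $user_imagesize = sanitize($_POST['user_imagesize']);
            $user_imagecount = sanitize($_POST['user_imagecount']);
            $user_mac = sanitize($_POST['user_mac']);
            $user_dateformat = sanitize($_POST['user_dateformat']);
            $user_dns1suffix = sanitize($_POST['user_dns1suffix']);
            $user_dns2suffix = sanitize($_POST['user_dns2suffix']);
            $user_menu_assets = sanitize($_POST['user_menu_assets']);
            $user_menu_assetclasses = sanitize($_POST['user_menu_assetclasses']);
            $user_menu_assetclassgroups = sanitize($_POST['user_menu_assetclassgroups']);
            $user_menu_locations = sanitize($_POST['user_menu_locations']);
            $user_menu_nodes = sanitize($_POST['user_menu_nodes']);
            $user_menu_subnets = sanitize($_POST['user_menu_subnets']);
            $user_menu_users = sanitize($_POST['user_menu_users']);
            $user_menu_vlans = sanitize($_POST['user_menu_vlans']);
            $user_menu_zones = sanitize($_POST['user_menu_zones']);
            $user_tooltips = sanitize($_POST['user_tooltips']);
            $query = "UPDATE user SET user_language='$user_language', user_imagesize='$user_imagesize', "
                . "user_imagecount='$user_imagecount', user_mac='$user_mac', "
                . "user_dateformat='$user_dateformat', user_dns1suffix='$user_dns1suffix', "
                . "user_dns2suffix='$user_dns2suffix', user_menu_assets='$user_menu_assets', "
                . "user_menu_assetclasses='$user_menu_assetclasses', "
                . "user_menu_assetclassgroups='$user_menu_assetclassgroups', "
                . "user_menu_locations='$user_menu_locations', user_menu_nodes='$user_menu_nodes', "
                . "user_menu_subnets='$user_menu_subnets', user_menu_users='$user_menu_users', "
                . "user_menu_vlans='$user_menu_vlans', user_menu_zones='$user_menu_zones', "
                . "user_tooltips='$user_tooltips' WHERE user_id=" . $user_id;
            // The session copy of the preferences is refreshed before the row is written.
            $_SESSION['suser_language'] = $user_language;
            $_SESSION['suser_imagesize'] = $user_imagesize;
            $_SESSION['suser_imagecount'] = $user_imagecount;
            $_SESSION['suser_mac'] = $user_mac;
            $_SESSION['suser_dateformat'] = $user_dateformat;
            $_SESSION['suser_dns1suffix'] = $user_dns1suffix;
            $_SESSION['suser_dns2suffix'] = $user_dns2suffix;
            $_SESSION['suser_menu_assets'] = $user_menu_assets;
            $_SESSION['suser_menu_assetclasses'] = $user_menu_assetclasses;
            $_SESSION['suser_menu_assetclassgroups'] = $user_menu_assetclassgroups;
            $_SESSION['suser_menu_locations'] = $user_menu_locations;
            $_SESSION['suser_menu_nodes'] = $user_menu_nodes;
            $_SESSION['suser_menu_subnets'] = $user_menu_subnets;
            $_SESSION['suser_menu_users'] = $user_menu_users;
            $_SESSION['suser_menu_vlans'] = $user_menu_vlans;
            $_SESSION['suser_menu_zones'] = $user_menu_zones;
            $_SESSION['suser_tooltips'] = $user_tooltips;
            $db->db_update($query);
            header_location("options.php");
            break;

        case "optionspassword":
            // Changes the logged-in user's own password after re-checking the current one.
            $user_id = (int) $_SESSION['suser_id'];
            $user_currentpass = sanitize($_POST['user_currentpass']);
            $user_newpass1 = sanitize($_POST['user_newpass1']);
            $user_newpass2 = sanitize($_POST['user_newpass2']);
            $query = "SELECT user_pass FROM user WHERE user_id='" . $user_id . "'";
            $user = $db->db_select($query);
            // Guard against an empty result before indexing row 0. Any failure falls
            // through to the generic "error" redirect at the end of the script.
            if (!empty($user) && password_verify($user_currentpass, $user[0]['user_pass'])) {
                if (strcmp($user_newpass1, $user_newpass2) === 0) {
                    $newhash = password_hash($user_newpass1, PASSWORD_BCRYPT);
                    $query = "UPDATE user SET user_pass='" . $newhash . "' WHERE user_id=" . $user_id;
                    $db->db_update($query);
                    header_location("options.php");
                }
            }
            break;

        case "subnet":
            $subnet_id = (int) sanitize($_POST['subnet_id']);
            $subnet_address = sanitize($_POST['subnet_address']);
            // protocol_version is written without quotes, so it has to be numeric.
            // NOTE(review): assumes an integer version number - confirm against the column type.
            $subnet_proto_vers = (int) sanitize($_POST['subnet_proto_vers']);
            $subnet_mask = sanitize($_POST['subnet_mask']);
            $subnet_dhcpstart = sanitize($_POST['subnet_dhcpstart']);
            $subnet_dhcpend = sanitize($_POST['subnet_dhcpend']);
            $subnet_ntp_server = sanitize($_POST['subnet_ntp_server']);
            $subnet_info = sanitize($_POST['subnet_info']);
            $query = "UPDATE subnet SET subnet_address='$subnet_address', subnet_mask='$subnet_mask', "
                . "subnet_dhcp_start='$subnet_dhcpstart', subnet_dhcp_end='$subnet_dhcpend', "
                . "subnet_info='$subnet_info', protocol_version=$subnet_proto_vers, "
                . "ntp_server='$subnet_ntp_server' WHERE subnet_id=" . $subnet_id;
            $db->db_update($query);
            header_location("subnetview.php?subnet_id=" . $subnet_id);
            break;

        case "user":
            // NOTE(review): unlike the "add user" case, the name is neither lower-cased nor
            // checked for an existing account here - confirm that is intended.
            $user_id = (int) sanitize($_POST['user_id']);
            $user_name = sanitize($_POST['user_name']);
            $user_displayname = sanitize($_POST['user_displayname']);
            $query = "UPDATE user SET user_name='" . $user_name . "', user_displayname='" . $user_displayname . "' WHERE user_id=" . $user_id;
            $db->db_update($query);
            header_location("userview.php?user_id=" . $user_id);
            break;

        case "vlan":
            $vlan_id = (int) sanitize($_POST['vlan_id']);
            $vlan_name = sanitize($_POST['vlan_name']);
            $vlan_number = sanitize($_POST['vlan_number']);
            $vlan_info = sanitize($_POST['vlan_info']);
            $query = "UPDATE vlan SET vlan_name='$vlan_name', vlan_number='$vlan_number', vlan_info='$vlan_info' WHERE vlan_id=" . $vlan_id;
            $db->db_update($query);
            header_location("vlanview.php?vlan_id=" . $vlan_id);
            break;

        case "zone":
            $zone_id = (int) sanitize($_POST['zone_id']);
            $zone_origin = sanitize($_POST['zone_origin']);
            $zone_ttl_default = sanitize($_POST['zone_ttl_default']);
            $zone_soa = sanitize($_POST['zone_soa']);
            $zone_hostmaster = sanitize($_POST['zone_hostmaster']);
            $zone_refresh = sanitize($_POST['zone_refresh']);
            $zone_retry = sanitize($_POST['zone_retry']);
            $zone_expire = sanitize($_POST['zone_expire']);
            $zone_ttl = sanitize($_POST['zone_ttl']);
            $zone_serial = sanitize($_POST['zone_serial']);
            $zone_ns1 = sanitize($_POST['zone_ns1']);
            $zone_ns2 = sanitize($_POST['zone_ns2']);
            $zone_ns3 = sanitize($_POST['zone_ns3']);
            $zone_mx1 = sanitize($_POST['zone_mx1']);
            $zone_mx2 = sanitize($_POST['zone_mx2']);
            $zone_info = sanitize($_POST['zone_info']);
            $query = "UPDATE zone SET zone_origin='$zone_origin', zone_ttl_default='$zone_ttl_default', "
                . "zone_soa='$zone_soa', zone_hostmaster='$zone_hostmaster', "
                . "zone_refresh='$zone_refresh', zone_retry='$zone_retry', "
                . "zone_expire='$zone_expire', zone_ttl='$zone_ttl', zone_serial='$zone_serial', "
                . "zone_ns1='$zone_ns1', zone_ns2='$zone_ns2', zone_ns3='$zone_ns3', "
                . "zone_mx1='$zone_mx1', zone_mx2='$zone_mx2', zone_info='$zone_info' "
                . "WHERE zone_id=" . $zone_id;
            $db->db_update($query);
            header_location("zoneview.php?zone_id=" . $zone_id);
            break;
    }
}

// still not redirected, check for error
if (empty($comments)) {
    $comments = "error";
}

header_location("comments.php?comments=" . $comments);
?>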