<?php
	// resume the session so the login state stored in it can be read
	session_start();

	// no (or empty) user id in the session means nobody is logged in:
	// send the browser to the login page and stop before any handler runs
	if (!isset($_SESSION['suser_id']) || !$_SESSION['suser_id']) {
		header("Location: login.php");
		exit();
	}
	
	// includes
	include("config.php");
	include("dbconnect.php");
	include("functions.php");
	
	// check for submit
	if ($_SERVER['REQUEST_METHOD']=="POST" ) {
		// check for action
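		// Handle the "add" actions. $_POST['add'] names the kind of record to create.
		//
		// Every request value is attacker-controlled. The mysql_* API used by this file
		// has no prepared statements, so each value is passed through
		// mysql_real_escape_string() before it is placed in a query, and ids that this
		// file creates with mysql_insert_id() are cast to int. The escaping uses the
		// default connection, presumably opened by dbconnect.php (same one mysql_query uses).
		//
		// Each handler relies on header_location() ending the request after a successful
		// write (presumably it exits; verify in functions.php); code after it is the error path.
		//
		// NOTE(review): no anti-CSRF token is checked before these state-changing writes.
		// NOTE(review): die(mysql_error()) shows raw database errors to the client;
		// logging them server-side would avoid disclosing schema details.
		if (isset($_POST['add'])) {
			switch ($_POST['add']) {
				case ("asset") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assetadd) {
						// get variables (escaped / cast for use in SQL)
						$asset_name = mysql_real_escape_string($_POST['asset_name']);
						$hostname = mysql_real_escape_string($_POST['hostname']);
						$assetclass_id = (int) $_POST['assetclass_id'];
						$asset_info = mysql_real_escape_string($_POST['asset_info']);
						
						// update db
						mysql_query("INSERT INTO asset(asset_name, hostname, assetclass_id, asset_info) VALUE ('$asset_name', '$hostname', '$assetclass_id', '$asset_info')") or die(mysql_error());
						$asset_id = mysql_insert_id();
						
						// redirect
						header_location("assetview.php?asset_id=" . $asset_id);
					}
				break;
				case ("assetclass") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assetclassadd) {
						// get variables (escaped for use in SQL)
						$assetclass_name = mysql_real_escape_string($_POST['assetclass_name']);
						$assetclassgroup_id = mysql_real_escape_string($_POST['assetclassgroup_id']);
						
						// update db
						mysql_query("INSERT INTO assetclass (assetclass_name, assetclassgroup_id) VALUE ('$assetclass_name', '$assetclassgroup_id')") or die(mysql_error());
						$assetclass_id = mysql_insert_id();
						
						// redirect
						header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
					}
				break;
				case ("assigniptoasset") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assigniptoasset) {
						// get variables (escaped / cast for use in SQL)
						$ip = mysql_real_escape_string($_POST['ip']);
						$subnet_id = (int) $_POST['subnet_id'];
						// the int cast also keeps the redirect URL below free of injected characters
						$asset_id = (int) $_POST['asset_id'];
						// escape after strip_mac(): its output format is not visible here
						$mac = mysql_real_escape_string(strip_mac($_POST['mac']));
						// append the configured DNS suffix only when a name was given and the suffix box was ticked
						$dns1 = (!empty($_POST['dns1']) && isset($_POST['dns1suffix'])) ? $_POST['dns1'] . $config_dns1suffix : $_POST['dns1'];
						$dns1 = mysql_real_escape_string($dns1);
						$dns2 = (!empty($_POST['dns2']) && isset($_POST['dns2suffix'])) ? $_POST['dns2'] . $config_dns2suffix : $_POST['dns2'];
						$dns2 = mysql_real_escape_string($dns2);
						$node_info = mysql_real_escape_string($_POST['node_info']);
						
						// update db
						mysql_query("INSERT INTO node (ip, mac, dns1, dns2, subnet_id, asset_id, node_info) VALUE ('$ip', '$mac', '$dns1', '$dns2', '$subnet_id', '$asset_id', '$node_info')") or die(mysql_error());
						
						// redirect
						header_location("assetview.php?asset_id=" . $asset_id);
					}
				break;
				case ("assignlocationtosubnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assignlocationtosubnet) {
						// get variables (cast for use in SQL)
						$location_id = (int) $_POST['location_id'];
						$subnet_id = (int) $_POST['subnet_id'];
						
						// update db
						mysql_query("INSERT INTO subnetlocation (location_id, subnet_id) VALUE ('$location_id', '$subnet_id')") or die(mysql_error());
						
						// redirect: every other call passes header_location() a bare URL, so the
						// stray "Location: " prefix that was here has been dropped
						header_location("location.php");
					}
				break;
				case ("assignvlantosubnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assignvlantosubnet) {
						// get variables (cast for use in SQL and in the redirect URL)
						$vlan_id = (int) $_POST['vlan_id'];
						$subnet_id = (int) $_POST['subnet_id'];
						
						// update db
						mysql_query("UPDATE subnet SET vlan_id='$vlan_id' WHERE subnet_id='$subnet_id'") or die(mysql_error());
						
						// redirect
						header_location("vlanview.php?vlan_id=" . $vlan_id);
					}
				break;
				case ("location") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_locationadd) {
						// get variables (escaped for use in SQL)
						$location_name = mysql_real_escape_string($_POST['location_name']);
						$parent = mysql_real_escape_string($_POST['parent']);
						
						// update db
						mysql_query("INSERT INTO location (location_name, parent) VALUE ('$location_name', '$parent')") or die(mysql_error());
						$location_id = mysql_insert_id();
						
						// redirect
						header_location("locationview.php?location_id=" . $location_id);
					}
				break;
				case ("node") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_nodeadd) {
						// read the address BEFORE the duplicate check; previously $ip was only
						// assigned after the SELECT, so the check ran against an unset variable
						// unless register_globals was on
						$ip = mysql_real_escape_string($_POST['ip']);
						
						$result = mysql_query("SELECT * FROM node WHERE ip='$ip'") or die(mysql_error());
						if (mysql_num_rows($result) == 0) {
							// get variables (escaped / cast for use in SQL)
							$asset_name = mysql_real_escape_string($_POST['asset_name']);
							$hostname = mysql_real_escape_string($_POST['hostname']);
							$assetclass_id = (int) $_POST['assetclass_id'];
							$mac = mysql_real_escape_string(strip_mac($_POST['mac']));
							$dns1 = (!empty($_POST['dns1']) && isset($_POST['dns1suffix'])) ? $_POST['dns1'] . $config_dns1suffix : $_POST['dns1'];
							$dns1 = mysql_real_escape_string($dns1);
							$dns2 = (!empty($_POST['dns2']) && isset($_POST['dns2suffix'])) ? $_POST['dns2'] . $config_dns2suffix : $_POST['dns2'];
							$dns2 = mysql_real_escape_string($dns2);
							$subnet_id = (int) $_POST['subnet_id'];
							
							// update db: create the asset first, then the node that points at it
							mysql_query("INSERT INTO asset (asset_name, hostname, assetclass_id) VALUE ('$asset_name', '$hostname', '$assetclass_id')") or die(mysql_error());
							$asset_id = mysql_insert_id();
							mysql_query("INSERT INTO node (ip, mac, dns1, dns2, subnet_id, asset_id) VALUE ('$ip', '$mac', '$dns1', '$dns2', '$subnet_id', '$asset_id')") or die(mysql_error());
							$node_id = mysql_insert_id();
							
							// redirect
							header_location("assetview.php?asset_id=" . $asset_id);
						}
						// display error (address already has a node)
						$error = "ipinuse";
					}
				break;
				case ("subnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_subnetadd) {
						// get variables (escaped for use in SQL)
						$subnet_address = mysql_real_escape_string($_POST['subnet_address']);
						$subnet_mask = mysql_real_escape_string($_POST['subnet_mask']);
						
						// update db
						mysql_query("INSERT INTO subnet (subnet_address, subnet_mask) VALUE ('$subnet_address', '$subnet_mask')") or die(mysql_error());
						$subnet_id = mysql_insert_id();
						
						// redirect
						header_location("subnetview.php?subnet_id=" . $subnet_id);
					}
				break;
				case ("user") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_useradd) {
						// read the name BEFORE the uniqueness check; previously $user_name was
						// only assigned after the SELECT, so the check ran against an unset
						// variable unless register_globals was on
						$user_name = mysql_real_escape_string($_POST['user_name']);
						
						// check for unique username
						$result = mysql_query("SELECT user_name FROM user WHERE user_name='$user_name'") or die(mysql_error());
						if(mysql_num_rows($result) == 0) {
							// get variables
							// NOTE(review): every new account starts with the shared default password
							// from config, stored as unsalted MD5. MD5 is not a password hash; moving to
							// password_hash()/password_verify() needs a matching change in the login
							// code, which is not visible here.
							$user_pass = md5($config_user_pass);
							// NOTE(review): the level comes straight from the form and is not capped
							// at the creating user's own level; confirm that is intended.
							$user_level = mysql_real_escape_string($_POST['user_level']);
							// the display name starts out equal to the login name
							$displayname = $user_name;
							$user_lang = $config_user_lang;
							
							// update db
							mysql_query("INSERT INTO user (user_name, user_pass, user_level, user_displayname, user_lang) VALUE ('$user_name', '$user_pass', '$user_level', '$displayname', '$user_lang')") or die(mysql_error());
							
							// redirect
							header_location("options.php");
						}
						// display error (name already taken)
						$error = "usernameinuse";
					}
				break;
				case ("vlan") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_vlanadd) {
						// get variables (escaped for use in SQL)
						$vlan_name = mysql_real_escape_string($_POST['vlan_name']);
						$vlan_number = mysql_real_escape_string($_POST['vlan_number']);
						
						// update db
						mysql_query("INSERT INTO vlan (vlan_name, vlan_number) VALUE ('$vlan_name', '$vlan_number')") or die(mysql_error());
						$vlan_id = mysql_insert_id();
						
						// redirect
						header_location("vlan.php?vlan_id=" . $vlan_id);
					}
				break;
			}
		}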
		
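		// Handle the "edit" actions. $_POST['edit'] names the kind of record to change.
		//
		// Every request value is attacker-controlled. The mysql_* API used by this file
		// has no prepared statements, so each value is passed through
		// mysql_real_escape_string() before it is placed in a query, and ids that this
		// application creates with mysql_insert_id() are cast to int. The escaping uses
		// the default connection, presumably opened by dbconnect.php.
		//
		// Each handler relies on header_location() ending the request after a successful
		// write (presumably it exits; verify in functions.php).
		//
		// NOTE(review): no anti-CSRF token is checked before these state-changing writes.
		// NOTE(review): die(mysql_error()) shows raw database errors to the client;
		// logging them server-side would avoid disclosing schema details.
		if (isset($_POST['edit'])) {
			switch ($_POST['edit']) {
				case ("asset") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assetedit) {
						// get variables (escaped / cast for use in SQL and in the redirect URL)
						$asset_id = (int) $_POST['asset_id'];
						$asset_name = mysql_real_escape_string($_POST['asset_name']);
						$hostname = mysql_real_escape_string($_POST['hostname']);
						$assetclass_id = (int) $_POST['assetclass_id'];
						$asset_info = mysql_real_escape_string($_POST['asset_info']);
						
						// update db (the duplicated "or die" clause was redundant and is gone)
						mysql_query("UPDATE asset SET asset_name='$asset_name', hostname='$hostname', assetclass_id='$assetclass_id', asset_info='$asset_info' WHERE asset_id='$asset_id'") or die(mysql_error());
						
						// redirect
						header_location("assetview.php?asset_id=" . $asset_id);
					}
				break;
				case ("assetclass") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assetclassedit) {
						// get variables (escaped / cast for use in SQL and in the redirect URL)
						$assetclass_id = (int) $_POST['assetclass_id'];
						$assetclass_name = mysql_real_escape_string($_POST['assetclass_name']);
						$assetclassgroup_id = mysql_real_escape_string($_POST['assetclassgroup_id']);
						
						// update db
						mysql_query("UPDATE assetclass SET assetclass_name='$assetclass_name', assetclassgroup_id='$assetclassgroup_id' WHERE assetclass_id='$assetclass_id'") or die(mysql_error());
						
						// redirect
						header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
					}
				break;
				case ("node") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_nodeedit) {
						// get variables (escaped / cast for use in SQL and in the redirect URL)
						$node_id = (int) $_POST['node_id'];
						$subnet_id = (int) $_POST['subnet_id'];
						// escape after strip_mac(): its output format is not visible here
						$mac = mysql_real_escape_string(strip_mac($_POST['mac']));
						$dns1 = mysql_real_escape_string($_POST['dns1']);
						$dns2 = mysql_real_escape_string($_POST['dns2']);
						$node_info = mysql_real_escape_string($_POST['node_info']);
						
						// update db
						mysql_query("UPDATE node SET subnet_id='$subnet_id', mac='$mac', dns1='$dns1', dns2='$dns2', node_info='$node_info' WHERE node_id='$node_id'") or die(mysql_error());
						
						// redirect
						header_location("nodeview.php?node_id=" . $node_id);
					}
				break;
				case ("subnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_subnetedit) {
						// get variables (escaped / cast for use in SQL and in the redirect URL)
						$subnet_id = (int) $_POST['subnet_id'];
						$subnet_address = mysql_real_escape_string($_POST['subnet_address']);
						$subnet_mask = mysql_real_escape_string($_POST['subnet_mask']);
						$vlan_id = (int) $_POST['vlan_id'];
						$subnet_info = mysql_real_escape_string($_POST['subnet_info']);
						
						// update db
						mysql_query("UPDATE subnet SET subnet_address='$subnet_address', subnet_mask='$subnet_mask', vlan_id='$vlan_id', subnet_info='$subnet_info' WHERE subnet_id='$subnet_id'") or die(mysql_error());
						
						// redirect
						header_location("subnetview.php?subnet_id=" . $subnet_id);
					}
				break;
				case ("user") :
					// no level check: the statement below only ever touches the logged-in user's own row
					
					// get variables (raw values are kept for the session, escaped copies go into SQL)
					$user_displayname = $_POST['user_displayname'];
					$user_mac = $_POST['user_mac'];
					$user_lang = $_POST['user_lang'];
					$sql_displayname = mysql_real_escape_string($user_displayname);
					$sql_mac = mysql_real_escape_string($user_mac);
					$sql_lang = mysql_real_escape_string($user_lang);
					// take the user id from the session; the bare $suser_id used before is
					// never assigned in this file and only existed with register_globals on
					$session_user_id = mysql_real_escape_string($_SESSION['suser_id']);
					
					//update db
					mysql_query("UPDATE user SET user_displayname='$sql_displayname', user_mac='$sql_mac', user_lang='$sql_lang' WHERE user_id='$session_user_id'") or die(mysql_error());
					
					// update session
					// NOTE(review): these are stored unmodified; pages that print them need to
					// HTML-encode on output.
					$_SESSION['suser_displayname'] = $user_displayname;
					$_SESSION['suser_mac'] = $user_mac;
					$_SESSION['suser_lang'] = $user_lang;
					
					// redirect
					header_location("options.php");
				break;
				case ("userpass") :
					// check variables: old password given, new password given twice and both copies equal
					if (trim($_POST['user_passold']) <> "" && trim($_POST['user_passnew1']) && trim($_POST['user_passnew2']) && trim($_POST['user_passnew1']) == trim($_POST['user_passnew2'])) {
						// get variables
						// NOTE(review): passwords are stored as unsalted MD5, which is not a password
						// hash; moving to password_hash()/password_verify() needs a matching change
						// in the login code, which is not visible here.
						$user_passold = $_POST['user_passold'];
						$user_passnew = md5($_POST['user_passnew1']);
						// take the user id from the session; the bare $suser_id used before is
						// never assigned in this file and only existed with register_globals on
						$session_user_id = mysql_real_escape_string($_SESSION['suser_id']);
						
						// get current pass
						$result = mysql_query("SELECT user_pass FROM user WHERE user_id='$session_user_id'") or die(mysql_error());
						// check current pass (strcmp returns 0 when the two hashes are equal)
						if(!strcmp(md5($user_passold), mysql_result($result, 0, "user_pass"))) {
							// update db ($user_passnew is an md5 hex string, safe to embed)
							mysql_query("UPDATE user SET user_pass='$user_passnew' WHERE user_id='$session_user_id'") or die(mysql_error());
							
							// redirect
							header_location("options.php");
						}
					}
					
					// display error
					// NOTE(review): this output is sent before the error redirect at the end of
					// the script; if header_location() relies on header(), that redirect will
					// fail unless output buffering is on. Confirm the intended behaviour.
					echo '<b>Error!</b>';
				break;
				case ("vlan") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_vlanedit) {
						// get variables (escaped / cast for use in SQL and in the redirect URL)
						$vlan_id = (int) $_POST['vlan_id'];
						$vlan_name = mysql_real_escape_string($_POST['vlan_name']);
						$vlan_number = mysql_real_escape_string($_POST['vlan_number']);
						$vlan_info = mysql_real_escape_string($_POST['vlan_info']);
						
						// update db
						mysql_query("UPDATE vlan SET vlan_name='$vlan_name', vlan_number='$vlan_number', vlan_info='$vlan_info' WHERE vlan_id='$vlan_id'") or die(mysql_error());
						
						// redirect
						header_location("vlanview.php?vlan_id=" . $vlan_id);
					}
				break;
			}
		}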
		
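		// Handle the "del" actions. $_POST['del'] names the kind of record to remove.
		//
		// Every id arrives from the request and is attacker-controlled. The ids used here
		// are the ones this application creates with mysql_insert_id(), so each is cast
		// to int before it is placed in a query or a redirect URL; anything non-numeric
		// becomes 0 and matches no row.
		//
		// Each handler relies on header_location() ending the request after a successful
		// delete (presumably it exits; verify in functions.php).
		//
		// NOTE(review): no anti-CSRF token is checked before these destructive writes.
		// NOTE(review): die(mysql_error()) shows raw database errors to the client;
		// logging them server-side would avoid disclosing schema details.
		if (isset($_POST['del'])) {
			switch ($_POST['del']) {
				case ("asset") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assetdel) {
						// get variables
						$asset_id = (int) $_POST['asset_id'];
						
						// update db: remove the asset and every node attached to it
						mysql_query("DELETE FROM asset WHERE asset_id='$asset_id'") or die(mysql_error());
						mysql_query("DELETE FROM node WHERE asset_id='$asset_id'") or die(mysql_error());
						
						// redirect
						header_location("asset.php");
					}
				break;
				case ("assetclass") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assetclassdel) {
						// get variables
						$assetclass_id = (int) $_POST['assetclass_id'];
						
						// update db
						mysql_query("DELETE FROM assetclass WHERE assetclass_id='$assetclass_id'") or die(mysql_error());
						
						// redirect
						header_location("assetclass.php");
					}
				break;
				case ("location") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_locationdel) {
						// get variables
						$location_id = (int) $_POST['location_id'];
						
						// a location that is still the parent of another one must not be deleted
						$result = mysql_query("SELECT location_id FROM location WHERE parent='$location_id'") or die(mysql_error());
						if (mysql_num_rows($result) == 0) {
							// update db
							mysql_query("DELETE FROM location WHERE location_id='$location_id'") or die(mysql_error());
						
							// redirect
							header_location("location.php");
						}
						// display error (location still has children)
						$error = "locationisparent";
					}
				break;
				case ("node") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_nodedel) {
						// get variables (asset_id is only used to build the redirect URL)
						$node_id = (int) $_POST['node_id'];
						$asset_id = (int) $_POST['asset_id'];
						
						// update db
						mysql_query("DELETE FROM node WHERE node_id='$node_id'") or die(mysql_error());
						
						// redirect
						header_location("assetview.php?asset_id=" . $asset_id);
					}
				break;
				case ("subnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_subnetdel) {
						// get variables
						$subnet_id = (int) $_POST['subnet_id'];
						
						// update db: remove the subnet and every node inside it
						mysql_query("DELETE FROM subnet WHERE subnet_id='$subnet_id'") or die(mysql_error());
						mysql_query("DELETE FROM node WHERE subnet_id='$subnet_id'") or die(mysql_error());
						
						// redirect
						header_location("asset.php");
					}
				break;
				case ("vlan") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_vlandel) {
						// get variables
						$vlan_id = (int) $_POST['vlan_id'];
						
						// update db
						mysql_query("DELETE FROM vlan WHERE vlan_id='$vlan_id'") or die(mysql_error());
						
						// redirect
						header_location("vlan.php");
					}
				break;
			}
		}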
	}
	// no handler above redirected: keep a specific error code if one was recorded,
	// otherwise fall back to the generic "notallowed" code
	if (!isset($error) || !$error) {
		$error = "notallowed";
	}

	// send the browser to the error page, passing the code along
	header_location("error.php?error=" . $error);
?>