<?php
	session_start();
	
	// check for user_id, if unnkown -> login
	if(empty($_SESSION['suser_id'])) {
		header("Location: login.php");
		exit;
	}
	
	// includes
	include("config.php");
	include("dbconnect.php");
	include("functions.php");
	
	// check for submit
	if ($_SERVER['REQUEST_METHOD']=="POST" ) {
		// check for action
		if (isset($_POST['add'])) {
			switch ($_POST['add']) {
				case ("asset") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assetadd) {
						// get variables
						$asset_name = $_POST['asset_name'];
						$hostname = $_POST['hostname'];
						$assetclass_id = $_POST['assetclass_id'];
						$asset_info = $_POST['asset_info'];
						
						// update db
						mysql_query("INSERT INTO asset(asset_name, hostname, assetclass_id, asset_info) VALUE ('$asset_name', '$hostname', '$assetclass_id', '$asset_info')") or die(mysql_error());
						$asset_id = mysql_insert_id();
						
						// redirect
						header_location("assetview.php?asset_id=" . $asset_id);
					}
				break;
				case ("assetclass") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assetclassadd) {
						// get variables
						$assetclass_name = $_POST['assetclass_name'];
						$assetclassgroup_id = $_POST['assetclassgroup_id'];
						
						// update db
						mysql_query("INSERT INTO assetclass (assetclass_name, assetclassgroup_id) VALUE ('$assetclass_name', '$assetclassgroup_id')") or die(mysql_error());
						$assetclass_id = mysql_insert_id();
						
						// redirect
						header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
					}
				break;
				case ("assigniptoasset") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assigniptoasset) {
						// get variables
						$ip = $_POST['ip'];
						$subnet_id = $_POST['subnet_id'];
						$asset_id = $_POST['asset_id'];
						$mac = strip_mac($_POST['mac']);						
						if ((!empty($_POST['dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = $_POST['dns1'] . $config_dns1suffix : $dns1 = $_POST['dns1']);
						if ((!empty($_POST['dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = $_POST['dns2'] . $config_dns2suffix : $dns2 = $_POST['dns2']);
						$node_info = $_POST['node_info'];
						
						// update db
						mysql_query("INSERT INTO node (ip, mac, dns1, dns2, subnet_id, asset_id, node_info) VALUE ('$ip', '$mac', '$dns1', '$dns2', '$subnet_id', '$asset_id', '$node_info')") or die(mysql_error());
						
						// redirect
						header_location("assetview.php?asset_id=" . $asset_id);
					}
				break;
				case ("assignlocationtosubnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assignlocationtosubnet) {
						// get variables
						$location_id = $_POST['location_id'];
						$subnet_id = $_POST['subnet_id'];
						
						// update db
						mysql_query("INSERT INTO subnetlocation (location_id, subnet_id) VALUE ('$location_id', '$subnet_id')") or die(mysql_error());
						
						// redirect
						header_location("Location: location.php");
					}
				break;
				case ("assignvlantosubnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assignvlantosubnet) {
						// get variables
						$vlan_id = $_POST['vlan_id'];
						$subnet_id = $_POST['subnet_id'];
						
						// update db
						mysql_query("UPDATE subnet SET vlan_id='$vlan_id' WHERE subnet_id='$subnet_id'") or die(mysql_error());
						
						// redirect
						header_location("vlanview.php?vlan_id=" . $vlan_id);
					}
				break;
				case ("location") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_locationadd) {
						// get variables
						$location_name = $_POST['location_name'];
						$parent = $_POST['parent'];
						
						// update db
						mysql_query("INSERT INTO location (location_name, parent) VALUE ('$location_name', '$parent')") or die(mysql_error());
						$location_id = mysql_insert_id();
						
						// redirect
						header_location("locationview.php?location_id=" . $location_id);
					}
				break;
				case ("node") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_nodeadd) {
						$result = mysql_query("SELECT * FROM node WHERE ip='$ip'") or die(mysql_error());
						if (mysql_num_rows($result) == 0) {
							// get variables
							$asset_name = $_POST['asset_name'];
							$hostname = $_POST['hostname'];
							$assetclass_id = $_POST['assetclass_id'];
							$ip = $_POST['ip'];
							$mac = strip_mac($_POST['mac']);
							if ((!empty($_POST['dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = $_POST['dns1'] . $config_dns1suffix : $dns1 = $_POST['dns1']);
							if ((!empty($_POST['dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = $_POST['dns2'] . $config_dns2suffix : $dns2 = $_POST['dns2']);
							$subnet_id = $_POST['subnet_id'];
							
							// update db
							mysql_query("INSERT INTO asset (asset_name, hostname, assetclass_id) VALUE ('$asset_name', '$hostname', '$assetclass_id')") or die(mysql_error());
							$asset_id = mysql_insert_id();
							mysql_query("INSERT INTO node (ip, mac, dns1, dns2, subnet_id, asset_id) VALUE ('$ip', '$mac', '$dns1', '$dns2', '$subnet_id', '$asset_id')") or die(mysql_error());
							$node_id = mysql_insert_id();
							
							// redirect
							header_location("assetview.php?asset_id=" . $asset_id);
						}
						// display error
						$error = "ipinuse";
					}
				break;
				case ("subnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_subnetadd) {
						// get variables
						$subnet_address= $_POST['subnet_address'];
						$subnet_mask = $_POST['subnet_mask'];
						
						// update db
						mysql_query("INSERT INTO subnet (subnet_address, subnet_mask) VALUE ('$subnet_address', '$subnet_mask')") or die(mysql_error());
						$subnet_id = mysql_insert_id();
						
						// redirect							
						header_location("subnetview.php?subnet_id=" . $subnet_id);
					}
				break;
				case ("user") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_useradd) {
						// check for unique username
						$result = mysql_query("SELECT user_name FROM user WHERE user_name='$user_name'") or die(mysql_error());
						if(mysql_num_rows($result) == 0) {
							// get variables
							$user_name = $_POST['user_name'];
							$user_pass = md5($config_user_pass);
							$user_level = $_POST['user_level'];
							$displayname = $_POST['user_name'];
							$user_lang = $config_user_lang;
							
							// update db
							mysql_query("INSERT INTO user (user_name, user_pass, user_level, user_displayname, user_lang) VALUE ('$user_name', '$user_pass', '$user_level', '$displayname', '$user_lang')") or die(mysql_error());
							
							// redirect
							header_location("options.php");
						}
						// display error
						$error = "usernameinuse";
					}
				break;
				case ("vlan") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_vlanadd) {
						// get variables
						$vlan_name = $_POST['vlan_name'];
						$vlan_number= $_POST['vlan_number'];
						
						// update db
						mysql_query("INSERT INTO vlan (vlan_name, vlan_number) VALUE ('$vlan_name', '$vlan_number')") or die(mysql_error());
						$vlan_id = mysql_insert_id();
						
						// redirect
						header_location("vlan.php?vlan_id=" . $vlan_id);
					}
				break;
			}
		}
		
		if (isset($_POST['edit'])) {
			switch ($_POST['edit']) {
				case ("asset") :
					if($_SESSION['suser_level'] >= $config_userlevel_assetedit) {
						// get variables
						$asset_id = $_POST['asset_id'];
						$asset_name = $_POST['asset_name'];
						$hostname = $_POST['hostname'];
						$assetclass_id = $_POST['assetclass_id'];
						$asset_info = $_POST['asset_info'];
						
						// update db
						mysql_query("UPDATE asset SET asset_name='$asset_name', hostname='$hostname', assetclass_id='$assetclass_id', asset_info='$asset_info' WHERE asset_id='$asset_id'") or die(mysql_error()) or die(mysql_error());
						
						// redirect
						header_location("assetview.php?asset_id=" . $asset_id);
					}
				break;
				case ("assetclass") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assetclassedit) {
						// get variables
						$assetclass_id = $_POST['assetclass_id'];
						$assetclass_name = $_POST['assetclass_name'];
						$assetclassgroup_id = $_POST['assetclassgroup_id'];
						
						// update db
						mysql_query("UPDATE assetclass SET assetclass_name='$assetclass_name', assetclassgroup_id='$assetclassgroup_id' WHERE assetclass_id='$assetclass_id'") or die(mysql_error());
						
						// redirect
						header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
					}
				break;
				case ("node") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_nodeedit) {
						// get variables
						$node_id = $_POST['node_id'];
						$subnet_id = $_POST['subnet_id'];
						$mac = strip_mac($_POST['mac']);
						$dns1 = $_POST['dns1'];
						$dns2 = $_POST['dns2'];
						$node_info = $_POST['node_info'];
						
						// update db
						mysql_query("UPDATE node SET subnet_id='$subnet_id', mac='$mac', dns1='$dns1', dns2='$dns2', node_info='$node_info' WHERE node_id='$node_id'") or die(mysql_error());
						
						// redirect
						header_location("nodeview.php?node_id=" . $node_id);
					}
				break;
				case ("subnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_subnetedit) {
						// get variables
						$subnet_id = $_POST['subnet_id'];
						$subnet_address= $_POST['subnet_address'];
						$subnet_mask = $_POST['subnet_mask'];
						$vlan_id = $_POST['vlan_id'];
						$subnet_info = $_POST['subnet_info'];
						
						// update db
						mysql_query("UPDATE subnet SET subnet_address='$subnet_address', subnet_mask='$subnet_mask', vlan_id='$vlan_id', subnet_info='$subnet_info' WHERE subnet_id='$subnet_id'") or die(mysql_error());
						
						// redirect
						header_location("subnetview.php?subnet_id=" . $subnet_id);
					}
				break;
				case ("user") :
					// get variables
					$user_displayname = $_POST['user_displayname'];
					$user_mac = $_POST['user_mac'];
					$user_lang = $_POST['user_lang'];
					
					//update db
					mysql_query("UPDATE user SET user_displayname='$user_displayname', user_mac='$user_mac', user_lang='$user_lang' WHERE user_id='$suser_id'") or die(mysql_error());
					
					// update session
					$_SESSION['suser_displayname'] = $user_displayname;
					$_SESSION['suser_mac'] = $user_mac;
					$_SESSION['suser_lang'] = $user_lang;
					
					// redirect
					header_location("options.php");
				break;
				case ("userpass") :
					// check variables
					if (trim($_POST['user_passold']) <> "" && trim($_POST['user_passnew1']) && trim($_POST['user_passnew2']) && trim($_POST['user_passnew1']) == trim($_POST['user_passnew2'])) {
						// get variables
						$user_passold = $_POST['user_passold'];
						$user_passnew = md5($_POST['user_passnew1']);
						
						// get current pass
						$result = mysql_query("SELECT user_pass FROM user WHERE user_id='$suser_id'") or die(mysql_error());
						// check current pass
						if(!strcmp(md5($user_passold), mysql_result($result, 0, "user_pass"))) {
							// update db
							mysql_query("UPDATE user SET user_pass='$user_passnew' WHERE user_id='$suser_id'") or die(mysql_error());
							
							// redirect
							header_location("options.php");
						}
					}
					
					// display error
					echo '<b>Error!</b>';
				break;
				case ("vlan") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_vlanedit) {
						// get variables
						$vlan_id = $_POST['vlan_id'];
						$vlan_name = $_POST['vlan_name'];
						$vlan_number = $_POST['vlan_number'];
						$vlan_info = $_POST['vlan_info'];
						
						// update db
						mysql_query("UPDATE vlan SET vlan_name='$vlan_name', vlan_number='$vlan_number', vlan_info='$vlan_info' WHERE vlan_id='$vlan_id'") or die(mysql_error());
						
						// redirect
						header_location("vlanview.php?vlan_id=" . $vlan_id);
					}
				break;
			}
		}
		
		if (isset($_POST['del'])) {
			switch ($_POST['del']) {
				case ("asset") :
					if($_SESSION['suser_level'] >= $config_userlevel_assetdel) {
						// get variables
						$asset_id = $_POST['asset_id'];
						
						// update db
						mysql_query("DELETE FROM asset WHERE asset_id='$asset_id'") or die(mysql_error());
						mysql_query("DELETE FROM node WHERE asset_id='$asset_id'") or die(mysql_error());
						
						// redirect
						header_location("asset.php");
					}
				break;
				case ("assetclass") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assetclassdel) {
						// get variables
						$assetclass_id = $_POST['assetclass_id'];
						
						// update db
						mysql_query("DELETE FROM assetclass WHERE assetclass_id='$assetclass_id'") or die(mysql_error());
						
						// redirect
						header_location("assetclass.php");
					}
				break;
				case ("location") :
					if($_SESSION['suser_level'] >= $config_userlevel_locationdel) {
						// get variables
						$location_id = $_POST['location_id'];
						
						$result = mysql_query("SELECT location_id FROM location WHERE parent='$location_id'") or die(mysql_error());
						if (mysql_num_rows($result) == 0) {
							// update db
							mysql_query("DELETE FROM location WHERE location_id='$location_id'") or die(mysql_error());
						
							// redirect
							header_location("location.php");
						}
						// display error
						$error = "locationisparent";
					}
				break;
				case ("node") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_nodedel) {
						// get variables
						$node_id = $_POST['node_id'];
						$asset_id = $_POST['asset_id'];
						
						// update db
						mysql_query("DELETE FROM node WHERE node_id='$node_id'") or die(mysql_error());
						
						// redirect
						header_location("assetview.php?asset_id=" . $asset_id);
					}
				break;
				case ("subnet") :
					if($_SESSION['suser_level'] >= $config_userlevel_subnetdel) {
						// get variables
						$subnet_id = $_POST['subnet_id'];
						
						// update db
						mysql_query("DELETE FROM subnet WHERE subnet_id='$subnet_id'") or die(mysql_error());
						mysql_query("DELETE FROM node WHERE subnet_id='$subnet_id'") or die(mysql_error());
						
						// redirect
						header_location("asset.php");
					}
				break;
				case ("vlan") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_vlandel) {
						// get variables
						$vlan_id = $_POST['vlan_id'];
						
						// update db
						mysql_query("DELETE FROM vlan WHERE vlan_id='$vlan_id'") or die(mysql_error());
						
						// redirect
						header_location("vlan.php");
					}
				break;
			}
		}
	}
	// still not redirected, check for error
	if(empty($error)) {
		$error = "notallowed";
	}
	
	// redirect
	header_location("error.php?error=" . $error);
?>