<?php
	/*****************************************************************************
	IP Reg, a PHP/MySQL IPAM tool
	Copyright (C) 2008 Wietse Warendorff
	
	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.
	
	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.
	
	You should have received a copy of the GNU General Public License
	along with this program.  If not, see <http://www.gnu.org/licenses/>.
	
	For more information, visit http://sourceforge.net/projects/ipreg,
	or contact me at wietsew@users.sourceforge.net
	*****************************************************************************/
	
	// includes
	include("includes.php");
	
	// check for submit
	if ($_SERVER['REQUEST_METHOD']=="POST") {
		// check for action
		if (isset($_POST['add'])) {
			switch ($_POST['add']) {
				case ("asset") :
					// get variables
					$asset_name = $_POST['asset_name'];
					$hostname = $_POST['hostname'];
					$assetclass_id = $_POST['assetclass_id'];
					$asset_info = $_POST['asset_info'];
					
					// check permission
					auth("asset", $config_auth_assetadd, 0);
					
					// update db
					mysql_query("INSERT INTO asset(asset_name, hostname, assetclass_id, asset_info) VALUE ('$asset_name', '$hostname', '$assetclass_id', '$asset_info')") or die(mysql_error());
					$asset_id = mysql_insert_id();
					
					// redirect
					header_location("assetview.php?asset_id=" . $asset_id);
				break;
				case ("assetclass") :
					// get variables
					$assetclass_name = $_POST['assetclass_name'];
					$assetclassgroup_id = $_POST['assetclassgroup_id'];
										
					// check permission
					auth("assetclass", $config_auth_assetclassadd, 0);
										
					// update db
					mysql_query("INSERT INTO assetclass (assetclass_name, assetclassgroup_id) VALUE ('$assetclass_name', '$assetclassgroup_id')") or die(mysql_error());
					$assetclass_id = mysql_insert_id();
					
					// redirect
					header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
				break;
				case ("assetclassgroup") :
					// get variables
					$assetclassgroup_name = $_POST['assetclassgroup_name'];
					$color = strtoupper($_POST['color']);
					$color = preg_replace("|[^a-zA-Z0-9]|", "", $color);
										
					// check permission
					auth("assetclassgroup", $config_auth_assetclassgroupadd, 0);
										
					// update db
					mysql_query("INSERT INTO assetclassgroup (assetclassgroup_name, color) VALUE ('$assetclassgroup_name', '$color')") or die(mysql_error());
					$assetclassgroup_id = mysql_insert_id();
					
					// redirect
					header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
				break;
				case ("assigniptoasset") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assigniptoasset) {
						// get variables
						$ip = $_POST['ip'];
						$subnet_id = $_POST['subnet_id'];
						$asset_id = $_POST['asset_id'];
						$mac = strip_mac($_POST['mac']);						
						if ((!empty($_POST['dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = $_POST['dns1'] . $config_dns1suffix : $dns1 = $_POST['dns1']);
						if ((!empty($_POST['dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = $_POST['dns2'] . $config_dns2suffix : $dns2 = $_POST['dns2']);
						$node_info = $_POST['node_info'];
						
						// update db
						mysql_query("INSERT INTO node (ip, mac, dns1, dns2, subnet_id, asset_id, node_info) VALUE ('$ip', '$mac', '$dns1', '$dns2', '$subnet_id', '$asset_id', '$node_info')") or die(mysql_error());
						
						// redirect
						header_location("assetview.php?asset_id=" . $asset_id);
					}
				break;
				case ("assignlocationtosubnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assignlocationtosubnet) {
						// get variables
						$location_id = $_POST['location_id'];
						$subnet_id = $_POST['subnet_id'];
						
						// update db
						mysql_query("INSERT INTO subnetlocation (location_id, subnet_id) VALUE ('$location_id', '$subnet_id')") or die(mysql_error());
						
						// redirect
						header_location("Location: location.php");
					}
				break;
				case ("assignvlantosubnet") :
					// check permission
					if($_SESSION['suser_level'] >= $config_userlevel_assignvlantosubnet) {
						// get variables
						$vlan_id = $_POST['vlan_id'];
						$subnet_id = $_POST['subnet_id'];
						
						// update db
						mysql_query("UPDATE subnet SET vlan_id='$vlan_id' WHERE subnet_id='$subnet_id'") or die(mysql_error());
						
						// redirect
						header_location("vlanview.php?vlan_id=" . $vlan_id);
					}
				break;
				case ("location") :
					// get variables
					$location_name = $_POST['location_name'];
					$parent = $_POST['parent'];
					$location_info = $_POST['location_info'];
					
					// check permission
					auth("location", $config_auth_locationadd, 0);
					
					// update db
					mysql_query("INSERT INTO location (location_name, parent, location_info) VALUE ('$location_name', '$parent', '$location_info')") or die(mysql_error());
					$location_id = mysql_insert_id();
					
					// redirect
					header_location("locationview.php?location_id=" . $location_id);
				break;
				case ("node") :
					// get variables
					$asset_name = $_POST['asset_name'];
					$hostname = $_POST['hostname'];
					$assetclass_id = $_POST['assetclass_id'];
					$ip = $_POST['ip'];
					$mac = strip_mac($_POST['mac']);
					if ((!empty($_POST['dns1']) && isset($_POST['dns1suffix'])) ? $dns1 = $_POST['dns1'] . $config_dns1suffix : $dns1 = $_POST['dns1']);
					if ((!empty($_POST['dns2']) && isset($_POST['dns2suffix'])) ? $dns2 = $_POST['dns2'] . $config_dns2suffix : $dns2 = $_POST['dns2']);
					$subnet_id = $_POST['subnet_id'];					
														
					// check permission
					auth("node", $config_auth_nodeadd, 0);
					
					$result = mysql_query("SELECT * FROM node WHERE ip='$ip'") or die(mysql_error());
					if (mysql_num_rows($result) == 0) {
						// update db
						mysql_query("INSERT INTO asset (asset_name, hostname, assetclass_id) VALUE ('$asset_name', '$hostname', '$assetclass_id')") or die(mysql_error());
						$asset_id = mysql_insert_id();
						mysql_query("INSERT INTO node (ip, mac, dns1, dns2, subnet_id, asset_id) VALUE ('$ip', '$mac', '$dns1', '$dns2', '$subnet_id', '$asset_id')") or die(mysql_error());
						$node_id = mysql_insert_id();
						
						// redirect
						header_location("assetview.php?asset_id=" . $asset_id);
					}
					// display error
					$comments = "ipinuse";
				break;
				case ("subnet") :
					// get variables
					$subnet_address= $_POST['subnet_address'];
					$subnet_mask = $_POST['subnet_mask'];
					
					// check permission
					auth("subnet", $config_auth_subnetadd, 0);
					
					// update db
					mysql_query("INSERT INTO subnet (subnet_address, subnet_mask) VALUE ('$subnet_address', '$subnet_mask')") or die(mysql_error());
					$subnet_id = mysql_insert_id();
					
					// redirect
					header_location("subnetview.php?subnet_id=" . $subnet_id);
				break;
				case ("user") :
					// get variables
					$user_name = $_POST['user_name'];
					$user_pass = md5($config_user_pass);
					$user_level = $_POST['user_level'];
					$displayname = $_POST['user_name'];
					$user_lang = $config_user_lang;
					
					// check permission
					auth("user", $config_auth_useradd, 0);
					
					// check for unique username
					$result = mysql_query("SELECT user_name FROM user WHERE user_name='$user_name'") or die(mysql_error());
					if(mysql_num_rows($result) == 0) {						
						// update db
						mysql_query("INSERT INTO user (user_name, user_pass, user_level, user_displayname, user_lang) VALUE ('$user_name', '$user_pass', '$user_level', '$displayname', '$user_lang')") or die(mysql_error());
						$user_id = mysql_insert_id();
					
						// redirect							
						header_location("userview.php?user_id=" . $user_id);
					}
					// display error
					$comments = "usernameinuse";
				break;
				case ("userclass") :
					// get variables
					$userclass_name = $_POST['userclass_name'];
					
					// check permission
					auth("userclass", $config_auth_userclassadd, 0);
										
					// update db
					mysql_query("INSERT INTO userclass (userclass_name) VALUE ('$userclass_name')") or die(mysql_error());
					$userclass_id = mysql_insert_id();
					
					// redirect
					header_location("userclassview.php?userclass_id=" . $userclass_id);
				break;
				case ("userclassauth") :
					// get variables
					$userclass_id = $_POST['userclass_id'];
					$authitem = $_POST['authitem'];
					$item_id = $_POST['item_id'];
					$auth = $_POST['auth'];
					
					// check permission
					auth("userclassauth", $config_auth_userclassauthadd, 0);
										
					// update db
					mysql_query("INSERT INTO userclassauth (userclass_id, item, id, auth) VALUE ('$userclass_id', '$authitem', '$item_id', '$auth')") or die(mysql_error());
					$userclassauth_id = mysql_insert_id();
					
					// redirect
					header_location("userclassauth.php");
				break;
				case ("vlan") :
					// get variables
					$vlan_name = $_POST['vlan_name'];
					$vlan_number= $_POST['vlan_number'];
					
					// check permission
					auth("vlan", $config_auth_vlanadd, 0);
					
					// update db
					mysql_query("INSERT INTO vlan (vlan_name, vlan_number) VALUE ('$vlan_name', '$vlan_number')") or die(mysql_error());
					$vlan_id = mysql_insert_id();
					
					// redirect
					header_location("vlan.php?vlan_id=" . $vlan_id);
				break;
			}
		}
		
		if (isset($_POST['edit'])) {
			switch ($_POST['edit']) {
				case ("asset") :
					// get variables
					$asset_id = $_POST['asset_id'];
					$asset_name = $_POST['asset_name'];
					$hostname = $_POST['hostname'];
					$assetclass_id = $_POST['assetclass_id'];
					$asset_info = $_POST['asset_info'];
					
					// check permission
					auth("asset", $config_auth_assetedit, $asset_id);
					
					// update db
					mysql_query("UPDATE asset SET asset_name='$asset_name', hostname='$hostname', assetclass_id='$assetclass_id', asset_info='$asset_info' WHERE asset_id='$asset_id'") or die(mysql_error()) or die(mysql_error());
					
					// redirect
					header_location("assetview.php?asset_id=" . $asset_id);
				break;
				case ("assetclass") :
					// get variables
					$assetclass_id = $_POST['assetclass_id'];
					$assetclass_name = $_POST['assetclass_name'];
					$assetclassgroup_id = $_POST['assetclassgroup_id'];
					
					// check permission
					auth("assetclass", $config_auth_assetclassedit, $assetclass_id);
					
					// update db
					mysql_query("UPDATE assetclass SET assetclass_name='$assetclass_name', assetclassgroup_id='$assetclassgroup_id' WHERE assetclass_id='$assetclass_id'") or die(mysql_error());
					
					// redirect
					header_location("assetclassview.php?assetclass_id=" . $assetclass_id);
				break;
				case ("assetclassgroup") :
					// get variables
					$assetclassgroup_id = $_POST['assetclassgroup_id'];
					$assetclassgroup_name = $_POST['assetclassgroup_name'];
					$color = strtoupper($_POST['color']);
					$color = preg_replace("|[^a-zA-Z0-9]|", "", $color);
					
					// check permission
					auth("assetclassgroup", $config_auth_assetclassgroupedit, $assetclassgroup_id);
					
					// update db
					mysql_query("UPDATE assetclassgroup SET assetclassgroup_name='$assetclassgroup_name', color='$color' WHERE assetclassgroup_id='$assetclassgroup_id'") or die(mysql_error());
					
					// redirect
					header_location("assetclassgroupview.php?assetclassgroup_id=" . $assetclassgroup_id);
				break;
				case ("location") :
					// get variables
					$location_id = $_POST['location_id'];
					$location_name = $_POST['location_name'];
					$parent = $_POST['parent'];
					$location_info = $_POST['location_info'];
					
					// check permission
					auth("location", $config_auth_locationedit, $location_id);
					
					// update db
					mysql_query("UPDATE location SET location_name='$location_name', parent='$parent', location_info='$location_info' WHERE location_id='$location_id'") or die(mysql_error()) or die(mysql_error());
					
					// redirect
					header_location("locationview.php?location_id=" . $location_id);
				break;
				case ("node") :
					// get variables
					$node_id = $_POST['node_id'];
					$asset_id = $_POST['asset_id'];
					$subnet_id = $_POST['subnet_id'];
					$mac = strip_mac($_POST['mac']);
					$dns1 = $_POST['dns1'];
					$dns2 = $_POST['dns2'];
					$node_info = $_POST['node_info'];
					
					// check permission
					auth("node", $config_auth_nodeedit, $node_id);
					
					// update db
					mysql_query("UPDATE node SET asset_id='$asset_id', subnet_id='$subnet_id', mac='$mac', dns1='$dns1', dns2='$dns2', node_info='$node_info' WHERE node_id='$node_id'") or die(mysql_error());
					
					// redirect
					header_location("nodeview.php?node_id=" . $node_id);
				break;
				case ("subnet") :
					// get variables
					$subnet_id = $_POST['subnet_id'];
					$subnet_address= $_POST['subnet_address'];
					$subnet_mask = $_POST['subnet_mask'];
					$vlan_id = $_POST['vlan_id'];
					$subnet_info = $_POST['subnet_info'];
					
					// check permission
					auth("subnet", $config_auth_subnetedit, $subnet_id);
					
					// update db
					mysql_query("UPDATE subnet SET subnet_address='$subnet_address', subnet_mask='$subnet_mask', vlan_id='$vlan_id', subnet_info='$subnet_info' WHERE subnet_id='$subnet_id'") or die(mysql_error());
					
					// redirect
					header_location("subnetview.php?subnet_id=" . $subnet_id);
				break;
				case ("user") :
					// get variables
					$user_id = $_POST['user_id'];
					$user_name = $_POST['user_name'];
					$user_displayname = $_POST['user_displayname'];
					$user_mac = $_POST['user_mac'];
					$user_lang = $_POST['user_lang'];
					
					// check permission
					auth("user", $config_auth_useredit, $user_id);
					
					// update db
					mysql_query("UPDATE user SET user_displayname='$user_displayname', user_mac='$user_mac', user_lang='$user_lang' WHERE user_id='$user_id'") or die(mysql_error());
					
					// procedure to update useruserclass table
					// 1) delete current users
					mysql_query("DELETE FROM useruserclass WHERE user_id='$user_id'") or die(mysql_error());
					
					// 2) loop checkbox array for userclass_id
					foreach( $_POST['userclass_id'] AS $userclass_id) {
						// and insert
						mysql_query("INSERT INTO useruserclass (user_id, userclass_id) VALUE ('$user_id', '$userclass_id')") or die(mysql_error());
					}
					
					// redirect
					header_location("userview.php?user_id=" . $user_id);
				break;
				case ("userclass") :
					// get variables
					$userclass_id = $_POST['userclass_id'];
					$userclass_name = $_POST['userclass_name'];
					
					// check permission
					auth("userclass", $config_auth_userclassedit, $userclass_id);
					
					// update db
					mysql_query("UPDATE userclass SET userclass_name='$userclass_name' WHERE userclass_id='$userclass_id'") or die(mysql_error());
					
					// procedure to update useruserclass table
					// 1) delete current users
					mysql_query("DELETE FROM useruserclass WHERE userclass_id='$userclass_id'") or die(mysql_error());
					
					// 2) loop checkbox array for user_id
					foreach($_POST['user_id'] AS $user_id) {
						// and insert
						mysql_query("INSERT INTO useruserclass (user_id, userclass_id) VALUE ('$user_id', '$userclass_id')") or die(mysql_error());
					}
										
					// redirect
					header_location("userclassview.php?userclass_id=" . $userclass_id);
				break;
				case ("userpass") :
					// check variables
					if (trim($_POST['user_passold']) <> "" && trim($_POST['user_passnew1']) && trim($_POST['user_passnew2']) && trim($_POST['user_passnew1']) == trim($_POST['user_passnew2'])) {
						$suser_id = $_SESSION['suser_id'];
						
						// get variables
						$user_passold = $_POST['user_passold'];
						$user_passnew = md5($_POST['user_passnew1']);

						// get current pass
						$result = mysql_query("SELECT user_pass FROM user WHERE user_id='$suser_id'") or die(mysql_error());
						// check current pass
						if(!strcmp(md5($user_passold), mysql_result($result, 0, "user_pass"))) {
							// update db
							mysql_query("UPDATE user SET user_pass='$user_passnew' WHERE user_id='$suser_id'") or die(mysql_error());
							
							// redirect
							header_location("options.php");
						}
					}
					
					// display error
					echo '<b>Error!</b>';
				break;
				case ("vlan") :
					// get variables
					$vlan_id = $_POST['vlan_id'];
					$vlan_name = $_POST['vlan_name'];
					$vlan_number = $_POST['vlan_number'];
					$vlan_info = $_POST['vlan_info'];
					
					// check permission
					auth("vlan", $config_auth_vlanedit, $vlan_id);
					
					// update db
					mysql_query("UPDATE vlan SET vlan_name='$vlan_name', vlan_number='$vlan_number', vlan_info='$vlan_info' WHERE vlan_id='$vlan_id'") or die(mysql_error());
					
					// redirect
					header_location("vlanview.php?vlan_id=" . $vlan_id);
				break;
			}
		}
		
		if (isset($_POST['del'])) {
			switch ($_POST['del']) {
				case ("asset") :
					// get variables
					$asset_id = $_POST['asset_id'];
					
					// check permission
					auth("asset", $config_auth_assetdel, $asset_id);
					
					// update db
					mysql_query("DELETE FROM asset WHERE asset_id='$asset_id'") or die(mysql_error());
					mysql_query("DELETE FROM node WHERE asset_id='$asset_id'") or die(mysql_error());
					
					// redirect
					header_location("asset.php");
				break;
				case ("assetclass") :
					// get variables
					$assetclass_id = $_POST['assetclass_id'];
					
					// check permission
					auth("assetclass", $config_auth_assetclassdel, $assetclass_id);
					
					// update db
					mysql_query("DELETE FROM assetclass WHERE assetclass_id='$assetclass_id'") or die(mysql_error());
					
					// redirect
					header_location("assetclass.php");
				break;
				case ("assetclassgroup") :
					// get variables
					$assetclassgroup_id = $_POST['assetclassgroup_id'];
					
					// check permission
					auth("assetclassgroup", $config_auth_assetclassgroupdel, $assetclassgroup_id);
					
					// update db
					mysql_query("DELETE FROM assetclassgroup WHERE assetclassgroup_id='$assetclassgroup_id'") or die(mysql_error());
					
					// redirect
					header_location("assetclassgroup.php");
				break;
				case ("location") :
					// get variables
					$location_id = $_POST['location_id'];
					
					// check permission
					auth("location", $config_auth_locationdel, $location_id);
					
					// update db
					mysql_query("DELETE FROM location WHERE location_id='$location_id'") or die(mysql_error());
					
					// redirect
					header_location("location.php");
				break;
				case ("node") :
					// get variables
					$node_id = $_POST['node_id'];
					$asset_id = $_POST['asset_id'];
					
					// check permission
					auth("node", $config_auth_nodedel, $node_id);
					
					// update db
					mysql_query("DELETE FROM node WHERE node_id='$node_id'") or die(mysql_error());
					
					// redirect
					header_location("assetview.php?asset_id=" . $asset_id);
				break;
				case ("subnet") :
					// get variables
					$subnet_id = $_POST['subnet_id'];
					
					// check permission
					auth("subnet", $config_auth_subnetdel, $subnet_id);
					
					// update db
					mysql_query("DELETE FROM subnet WHERE subnet_id='$subnet_id'") or die(mysql_error());
					mysql_query("DELETE FROM node WHERE subnet_id='$subnet_id'") or die(mysql_error());
					
					// redirect
					header_location("subnet.php");
				break;
				case ("user") :
					// get variables
					$user_id = $_POST['user_id'];
					
					// check permission
					auth("user", $config_auth_userdel, $user_id);
					
					// update db
					mysql_query("DELETE FROM user WHERE user_id='$user_id'") or die(mysql_error());
					
					// redirect
					header_location("user.php");
				break;
				case ("userclass") :
					// get variables
					$userclass_id = $_POST['userclass_id'];
					
					// check permission
					auth("userclass", $config_auth_userclassdel, $userclass_id);
					
					// update db
					mysql_query("DELETE FROM userclass WHERE userclass_id='$userclass_id'") or die(mysql_error());
					
					// redirect
					header_location("userclass.php");
				break;
				case ("vlan") :
					// get variables
					$vlan_id = $_POST['vlan_id'];
					
					// check permission
					auth("vlan", $config_auth_vlandel, $vlan_id);
					
					// update db
					mysql_query("DELETE FROM vlan WHERE vlan_id='$vlan_id'") or die(mysql_error());
					
					// redirect
					header_location("vlan.php");
				break;
			}
		}
	}
	
	// still not redirected, check for error
	if(empty($comments)) {
		$comments = "notallowed";
	}
	
	// redirect
	header_location("comments.php?comments=" . $comments);
?>