File: 0.02.43a/server/web/admin.php (View as Code)

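<?php
/* -------------------------------------------------------------
This file is part of FreeNATS

FreeNATS is (C) Copyright 2008 PurplePixie Systems

FreeNATS is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

FreeNATS is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with FreeNATS. If not, see www.gnu.org/licenses

For more information see www.purplepixie.org/freenats
-------------------------------------------------------------- */

// Administration front controller: checks the session, applies at most one
// administrative action selected by the "action" request parameter, then
// prints the page header and any status message.

// Output is buffered until the actions are done, presumably so the header()
// redirects below still work if include.php or Start() print anything.
ob_start();
require("include.php");
$NATS->Start();
if (!$NATS_Session->Check($NATS->DB))
{
    header("Location: ./?login_msg=Invalid+Or+Expired+Session");
    exit();
}
// Only user level 9 and above may continue.
// NOTE(review): this depends on UL_Error() ending the request. It is defined
// outside this file -- confirm, otherwise every action below stays reachable
// for any logged-in user.
if ($NATS_Session->userlevel<9) UL_Error("Action Node");

// NOTE(review): every action below changes state but is read from $_REQUEST,
// so a plain GET link can trigger it, and no anti-CSRF token is checked in
// this block. The "confirmed" flag on the delete actions is an ordinary
// request parameter, not proof that the confirmation page was shown. A
// per-session token verified here plus POST-only handling would close that
// gap; both need session support that is not visible in this file.
//
// SQL is built by concatenation. ss() is defined elsewhere (presumably a
// string-escaping helper -- confirm). Escaping only protects a value that
// sits inside quotes, so every value written unquoted into a statement is
// forced to an integer with intval() first.
if (isset($_REQUEST['action']))
{
    switch($_REQUEST['action'])
    {
        case "save_user":
            $q="UPDATE fnuser SET realname=\"".ss($_REQUEST['realname'])."\",userlevel=".intval($_REQUEST['userlevel']);
            // The password is rewritten only when pword differs from the
            // sentinel "_NOTTHIS_".
            // NOTE(review): passwords are stored as unsalted MD5 computed in
            // SQL, which is cheap to brute-force offline. Moving to
            // password_hash()/password_verify() needs a matching change in
            // the login check, which is not part of this file.
            if ((isset($_REQUEST['pword']))&&($_REQUEST['pword']!="_NOTTHIS_")) $q.=",password=MD5(\"".ss($_REQUEST['pword'])."\")";
            $q.=" WHERE username=\"".ss($_REQUEST['username'])."\"";
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Save User Failed or Nothing Changed";
            else $amsg="Save User ".$_REQUEST['username']." Succeeded";
            break;

        case "create_user":
            // NOTE(review): same unsalted MD5 storage as in save_user.
            $q="INSERT INTO fnuser(username,password,realname,userlevel) VALUES(\"".ss($_REQUEST['username'])."\",";
            $q.="MD5(\"".ss($_REQUEST['pword'])."\"),\"".ss($_REQUEST['realname'])."\",".intval($_REQUEST['userlevel']).")";
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Create User Failed";
            else $amsg="User ".$_REQUEST['username']." Created";
            break;

        case "delete_user":
            // NOTE(review): this comparison is case-sensitive. If the username
            // column uses a case-insensitive collation, a differently-cased
            // spelling would pass this guard and still match the admin row --
            // confirm against the schema.
            if ($_REQUEST['username']=="admin")
            {
                $amsg="Can't delete the admin user";
                break;
            }
            if (!isset($_REQUEST['confirmed']))
            {
                // Encode the username before it goes into either URL, so it
                // cannot add or override query parameters on confirm.php or
                // on the return link, or carry CR/LF into the Location header.
                $del_user=urlencode($_REQUEST['username']);
                $back=urlencode("admin.php?action=delete_user&username=".$del_user."&confirmed=1");
                $url="confirm.php?action=Delete+User+".$del_user."&back=".$back;
                header("Location: ".$url);
                exit();
            }
            $q="DELETE FROM fnuser WHERE username=\"".ss($_REQUEST['username'])."\"";
            $NATS->DB->Query($q);
            $amsg="User ".$_REQUEST['username']." Deleted";
            break;

        case "var_save":
            if ($_REQUEST['new_var']=="") // an empty new name deletes the variable
            {
                $q="DELETE FROM fnconfig WHERE fnc_var=\"".ss($_REQUEST['orig_var'])."\"";
            }
            else // otherwise rename and/or change its value
            {
                $q="UPDATE fnconfig SET fnc_var=\"".ss($_REQUEST['new_var'])."\",fnc_val=\"".ss($_REQUEST['new_val'])."\" ";
                $q.="WHERE fnc_var=\"".ss($_REQUEST['orig_var'])."\"";
            }
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Update/Delete Variable Failed";
            else $amsg="Updated/Deleted Variable";
            break;

        case "var_new":
            $q="INSERT INTO fnconfig(fnc_var,fnc_val) VALUES(\"".ss($_REQUEST['new_var'])."\",\"".ss($_REQUEST['new_val'])."\")";
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Create Variable Failed";
            else $amsg="Created Variable";
            break;

        case "save_aa":
            // String columns stay quoted and go through ss(); the numeric
            // columns were written unquoted and are therefore cast.
            $q="UPDATE fnalertaction SET ";
            $q.="atype=\"".ss($_REQUEST['atype'])."\",";
            $q.="ctrlimit=".intval($_REQUEST['ctrlimit']).",";
            $q.="ctrtoday=".intval($_REQUEST['ctrtoday']).",";
            $q.="aname=\"".ss($_REQUEST['aname'])."\",";
            $q.="efrom=\"".ss($_REQUEST['efrom'])."\",";
            $q.="etolist=\"".ss($_REQUEST['etolist'])."\",";
            $q.="esubject=".intval($_REQUEST['esubject']).",";
            $q.="etype=".intval($_REQUEST['etype']);
            // A missing awarnings/adecrease parameter is stored as 0.
            if (isset($_REQUEST['awarnings'])) $q.=",awarnings=".intval($_REQUEST['awarnings']);
            else $q.=",awarnings=0";
            if (isset($_REQUEST['adecrease'])) $q.=",adecrease=".intval($_REQUEST['adecrease']);
            else $q.=",adecrease=0";
            $q.=" WHERE aaid=".intval($_REQUEST['aaid']);
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Action Update Failed or Nothing Changed";
            else $amsg="Action Updated";
            break;

        case "action_test":
            // Swap the stored mdata for a test marker, flush the alert
            // actions, then write the previous mdata back.
            $test_aaid=intval($_REQUEST['aaid']);
            $q="SELECT mdata FROM fnalertaction WHERE aaid=".$test_aaid." LIMIT 0,1";
            $r=$NATS->DB->Query($q);
            $row=$NATS->DB->Fetch_Array($r);
            $oldm=$row['mdata'];
            $q="UPDATE fnalertaction SET mdata=\"** ACTION TEST **\" WHERE aaid=".$test_aaid;
            $NATS->DB->Query($q);
            $NATS->ActionFlush();
            $q="UPDATE fnalertaction SET mdata=\"".ss($oldm)."\" WHERE aaid=".$test_aaid;
            $NATS->DB->Query($q);
            $amsg="Alert Action Tested & Flushed";
            break;

        case "action_create":
            $q="INSERT INTO fnalertaction(atype) VALUES(\"\")";
            $NATS->DB->Query($q);
            $amsg="Created New Alert Action";
            break;

        case "action_delete":
            $del_aaid=intval($_REQUEST['aaid_del']);
            if (!isset($_REQUEST['confirmed']))
            {
                // The id is already an integer here, so it cannot add
                // parameters to the return link.
                $back=urlencode("admin.php?aaid_del=".$del_aaid."&action=action_delete&confirmed=1");
                $url="confirm.php?action=Delete+alert+action&back=".$back;
                header("Location: ".$url);
                exit();
            }
            // otherwise confirmed
            $q="DELETE FROM fnalertaction WHERE aaid=".$del_aaid;
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()>0) $amsg="Alert Action Deleted";
            else $amsg="Alert Action Delete Failed";
            // The fnnalink rows for this action are removed in either case.
            $q="DELETE FROM fnnalink WHERE aaid=".$del_aaid;
            $NATS->DB->Query($q);
            break;

    }
}

ob_end_flush();
Screen_Header("Administration Interface",1);

// Both messages can contain request data ("message" directly, $amsg through
// the username), so they are HTML-escaped where they are printed. Any markup
// that wrapped them is not present in this listing; only the line breaks of
// the original strings are reproduced.
if (isset($_REQUEST['message'])) echo "\n".htmlspecialchars($_REQUEST['message'],ENT_QUOTES)."\n";
if (isset($amsg)) echo "\n".htmlspecialchars($amsg,ENT_QUOTES)."\n";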

// Line break printed ahead of the update-check area (any surrounding markup
// is not present in this listing).
echo "\n";

// Update check: without the "updatecheck" request parameter only the prompt
// text is printed; with it, the download URL is assembled from the installed
// version and the "Checking Version" text is printed.
if (!isset($_REQUEST['updatecheck']))
{
    echo "Check for FreeNATS Updates";
}
else
{
    // NOTE(review): the URL is plain http://, so a reply fetched from it is
    // neither authenticated nor protected against tampering in transit, and
    // the installed version number is sent to the remote host in the query
    // string. Whatever consumes $du should treat the reply as untrusted.
    // Nothing after these assignments reads $du in this listing; the markup
    // that used it appears to be missing -- confirm against the original file.
    $dq="?CheckVersion=".$NATS->Version."&JSMode=1";
    $dl="http://www.purplepixie.org/freenats/download.php";
    $du=$dl.$dq;
    /* old method, kept for reference: it fetched the URL server-side and
       printed the first line of the reply ($cs) into the page unescaped
    $cp=@fopen($du,"r");
    if ($cp>0)
    {
        $cs=@fgets($cp,128);
        @fclose($cp);
        if ($cs=="0") echo "System Up to Date\n";
        else echo "Update Available: ".$cs."\n";
    }
    else echo "Error Checking for Updates\n";
    */
    echo "Checking Version: ", "\n", "\n\n";
}
echo "\n";
188: 189: ?> 190:
191: Users

192: 193: 194: function tul($l) 195: { 196: if ($l>9) return "Administrator"; 197: if ($l>4) return "Power User"; 198: if ($l>0) return "Normal User"; 199: return "Disabled"; 200: } 201: 202: $q="SELECT username,realname,userlevel FROM fnuser"; 203: $r=$NATS->DB->Query($q); 204: echo ""; 205: echo ""; 206: echo ""; 207: while ($row=$NATS->DB->Fetch_Array($r)) 208: { 209: echo "
";
210: echo ""; 211: echo ""; 212: echo ""; 213: echo ""; 214: echo ""; 222: echo ""; 223: echo ""; 224: echo ""; 225: echo ""; 226: } 227: echo "
";
228: echo ""; 229: echo ""; 230: echo ""; 231: echo ""; 237: echo ""; 238: echo ""; 239: echo ""; 240: echo "
Username Real NameUser LevelPasswordOptions
".$row['username'].""; 221: echo " Delete

";
241: echo "
";
242: $NATS->DB->Free($r); 243: 244: echo "Test Sessions

";
245: $q="SELECT * FROM fntestrun ORDER BY trid DESC"; 246: if (!isset($_REQUEST['ShowAllSessions'])) $q.=" LIMIT 0,5"; 247: $r=$NATS->DB->Query($q); 248: echo ""; 249: while ($row=$NATS->DB->Fetch_Array($r)) 250: { 251: echo ""; 252: echo ""; 257: } 258: echo "
run/".$row['trid']."".nicedt($row['startx'])." - "; 253: if ($row['finishx']>0) echo nicedt($row['finishx']); 254: else echo "Still Running"; 255: echo " (System Logs)"; 256: echo "
";
259: $NATS->DB->Free($r); 260: echo "
";
261: if (!isset($_REQUEST['ShowAllSessions'])) echo "Show All Testing Sessions

";
262: echo "
";
263: 264: echo "Alert Actions

";
265: 266: function aat_etype($type) 267: { 268: switch ($type) 269: { 270: case 0: return "Short"; 271: case 1: return "Long"; 272: default: return "Unknown"; 273: } 274: } 275: 276: function aat_esub($type) 277: { 278: switch ($type) 279: { 280: case 0: return "Blank"; 281: case 1: return "Short"; 282: case 2: return "Long"; 283: default: return "Unknown"; 284: } 285: } 286: 287: function aat_atype($type) 288: { 289: switch($type) 290: { 291: case "": case "Disabled": return "Disabled"; 292: case "email": return "EMail"; 293: default: return "Unknown"; 294: } 295: } 296: 297: 298: 299: if (isset($_REQUEST['aaid'])) 300: { // view/edit aaid 301: $q="SELECT * FROM fnalertaction WHERE aaid=".ss($_REQUEST['aaid']); 302: $r=$NATS->DB->Query($q); 303: if (!$row=$NATS->DB->Fetch_Array($r)) 304: { 305: echo "Error Fetching AAID

";
306: Screen_Footer(); 307: exit(); 308: } 309: echo ""; 310: echo "
";
311: echo ""; 312: echo ""; 313: echo ""; 314: 315: echo ""; 316: echo ""; 319: 320: echo ""; 327: 328: echo ""; 329: if ($row['awarnings']==1) $s=" checked"; 330: else $s=""; 331: echo ""; 332: 333: echo ""; 334: if ($row['adecrease']==1) $s=" checked"; 335: else $s=""; 336: echo ""; 337: 338: echo ""; 339: echo ""; 343: 344: echo ""; 345: echo ""; 353: 354: echo ""; 355: echo ""; 358: 359: echo ""; 367: 368: echo ""; 375: 376: echo ""; 379: 380: echo ""; 384: 385: echo "
ID : action/".$_REQUEST['aaid']."
Action Name : "; 317: echo ""; 318: echo "
Type : "; 321: echo ""; 326: echo "
Warnings : ".hlink("AAction:Warnings")."
Decreases : ".hlink("AAction:Decreases")."
Action Limit : "; 340: echo " "; 341: echo hlink("AAction:Limit"); 342: echo "
Action Counter : "; 346: echo " "; 347: echo hlink("AAction:Counter"); 348: echo " (for "; 349: if ($row['ctrdate']=="") echo "unknown"; 350: else echo substr($row['ctrdate'],6,2)."/".substr($row['ctrdate'],4,2)."/".substr($row['ctrdate'],0,4); 351: echo ")"; 352: echo "
Email From : "; 356: echo ""; 357: echo "
Email Subject : "; 360: echo ""; 366: echo "
Email Type : "; 369: echo ""; 374: echo "
Email To : "; 377: echo ""; 378: echo "
  Cancel Update | "; 381: echo "Test Action | "; 382: echo "Delete Action"; 383: echo "


";
386: $NATS->DB->Free($r); 387: } 388: 389: $q="SELECT aaid,atype,aname FROM fnalertaction"; 390: $r=$NATS->DB->Query($q); 391: while ($row=$NATS->DB->Fetch_Array($r)) 392: { 393: echo "action/".$row['aaid']." : ".$row['aname']." - "; 394: echo aat_atype($row['atype']); 395: echo "
";
396: } 397: 398: echo "
Create New Alert Action
";
399: echo "

";
400: 401: echo "System Logs

";
402: echo "System Event Log

";
403: 404: echo "

";
405: 406: echo "Variables ".hlink("Variable")."

";
407: $q="SELECT * FROM fnconfig ORDER BY fnc_var ASC"; 408: $r=$NATS->DB->Query($q); 409: echo ""; 410: while ($row=$NATS->DB->Fetch_Array($r)) 411: { 412: echo "
";
413: echo ""; 414: echo ""; 415: echo ""; 416: echo ""; 418: echo ""; 419: echo ""; 420: echo ""; 423: echo ""; 424: echo ""; 425: } 426: echo "
";
427: echo ""; 428: echo ""; 429: echo ""; 430: echo ""; 431: echo ""; 432: echo ""; 433: echo ""; 434: echo "
"; 417: echo "= "; 421: echo hlink("Var:".$row['fnc_var']); 422: echo "
=
";
435: 436: ?> 437: 438: 439: 440: Screen_Footer(); 441: ?> 442: