File: 0.02.51a/server/web/admin.php (View as HTML)

  1: <?php
  2: /* -------------------------------------------------------------
  3: This file is part of FreeNATS
  4: 
  5: FreeNATS is (C) Copyright 2008 PurplePixie Systems
  6: 
  7: FreeNATS is free software: you can redistribute it and/or modify
  8: it under the terms of the GNU General Public License as published by
  9: the Free Software Foundation, either version 3 of the License, or
 10: (at your option) any later version.
 11: 
 12: FreeNATS is distributed in the hope that it will be useful,
 13: but WITHOUT ANY WARRANTY; without even the implied warranty of
 14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 15: GNU General Public License for more details.
 16: 
 17: You should have received a copy of the GNU General Public License
 18: along with FreeNATS.  If not, see www.gnu.org/licenses
 19: 
 20: For more information see www.purplepixie.org/freenats
 21: -------------------------------------------------------------- */
 22: 
 23: ob_start();
 24: require("include.php");
 25: $NATS->Start();
 26: if (!$NATS_Session->Check($NATS->DB))
 27: 	{
 28: 	header("Location: ./?login_msg=Invalid+Or+Expired+Session");
 29: 	exit();
 30: 	}
 31: if ($NATS_Session->userlevel<9) UL_Error("Action Node");
 32: 
 33: if (isset($_REQUEST['action']))
 34: 	{
 35: 	switch($_REQUEST['action'])
 36: 		{
 37: 		case "save_user":
 38: 		$q="UPDATE fnuser SET realname=\"".ss($_REQUEST['realname'])."\",userlevel=".ss($_REQUEST['userlevel']);
 39: 		if ((isset($_REQUEST['pword']))&&($_REQUEST['pword']!="_NOTTHIS_")) $q.=",password=MD5(\"".ss($_REQUEST['pword'])."\")";
 40: 		$q.=" WHERE username=\"".ss($_REQUEST['username'])."\"";
 41: 		$NATS->DB->Query($q);
 42: 		if ($NATS->DB->Affected_Rows()<=0) $amsg="Save User Failed or Nothing Changed";
 43: 		else $amsg="Save User ".$_REQUEST['username']." Succeeded";
 44: 		break;
 45: 		
 46: 		case "create_user":
 47: 		$q="INSERT INTO fnuser(username,password,realname,userlevel) VALUES(\"".ss($_REQUEST['username'])."\",";
 48: 		$q.="MD5(\"".ss($_REQUEST['pword'])."\"),\"".ss($_REQUEST['realname'])."\",".ss($_REQUEST['userlevel']).")";
 49: 		$NATS->DB->Query($q);
 50: 		//echo $q;
 51: 		if ($NATS->DB->Affected_Rows()<=0) $amsg="Create User Failed";
 52: 		else $amsg="User ".$_REQUEST['username']." Created";
 53: 		break;
 54: 		
 55: 		case "delete_user": 
 56: 		/* - disabled for 0.02.44 to allow duplicate deletion
 57: 		if ($_REQUEST['username']=="admin")
 58: 			{
 59: 			$amsg="Can't delete the admin user";
 60: 			break;
 61: 			}
 62: 		*/
 63: 		if (!isset($_REQUEST['confirmed']))
 64: 			{
 65: 			$back=urlencode("admin.php?action=delete_user&username=".$_REQUEST['username']."&confirmed=1");
 66: 			$url="confirm.php?action=Delete+User+".$_REQUEST['username']."&back=".$back;
 67: 			header("Location: ".$url);
 68: 			exit();
 69: 			}
 70: 		$q="DELETE FROM fnuser WHERE username=\"".ss($_REQUEST['username'])."\"";
 71: 		$NATS->DB->Query($q);
 72: 		$amsg="User ".$_REQUEST['username']." Deleted";
 73: 		break;
 74: 		
 75: 		case "var_save":
 76: 		if ($_REQUEST['new_var']=="") // delete
 77: 			{
 78: 			$q="DELETE FROM fnconfig WHERE fnc_var=\"".ss($_REQUEST['orig_var'])."\"";
 79: 			}
 80: 		else // update
 81: 			{
 82: 			$q="UPDATE fnconfig SET fnc_var=\"".ss($_REQUEST['new_var'])."\",fnc_val=\"".ss($_REQUEST['new_val'])."\" ";
 83: 			$q.="WHERE fnc_var=\"".ss($_REQUEST['orig_var'])."\"";
 84: 			}
 85: 		$NATS->DB->Query($q);
 86: 		if ($NATS->DB->Affected_Rows()<=0) $amsg="Update/Delete Variable Failed";
 87: 		else $amsg="Updated/Deleted Variable";
 88: 		break;
 89: 		case "var_new":
 90: 		$q="INSERT INTO fnconfig(fnc_var,fnc_val) VALUES(\"".ss($_REQUEST['new_var'])."\",\"".ss($_REQUEST['new_val'])."\")";
 91: 		//echo $q;
 92: 		$NATS->DB->Query($q);
 93: 		if ($NATS->DB->Affected_Rows()<=0) $amsg="Create Variable Failed";
 94: 		else $amsg="Created Variable";
 95: 		break;
 96: 		
 97: 		case "save_aa":
 98: 		$q="UPDATE fnalertaction SET ";
 99: 		$q.="atype=\"".ss($_REQUEST['atype'])."\",";
100: 		$q.="ctrlimit=".ss($_REQUEST['ctrlimit']).",";
101: 		$q.="ctrtoday=".ss($_REQUEST['ctrtoday']).",";
102: 		$q.="aname=\"".ss($_REQUEST['aname'])."\",";
103: 		if (isset($_REQUEST['efrom'])) $q.="efrom=\"".ss($_REQUEST['efrom'])."\",";
104: 		$q.="etolist=\"".ss($_REQUEST['etolist'])."\",";
105: 		if (isset($_REQUEST['esubject'])) $q.="esubject=".ss($_REQUEST['esubject']).",";
106: 		$q.="etype=".ss($_REQUEST['etype']);
107: 		if (isset($_REQUEST['awarnings'])) $q.=",awarnings=".ss($_REQUEST['awarnings']);
108: 		else $q.=",awarnings=0";
109: 		if (isset($_REQUEST['adecrease'])) $q.=",adecrease=".ss($_REQUEST['adecrease']);
110: 		else $q.=",adecrease=0";
111: 		$q.=" WHERE aaid=".ss($_REQUEST['aaid']);
112: 		//echo $q;
113: 		$NATS->DB->Query($q);
114: 		if ($NATS->DB->Affected_Rows()<=0) $amsg="Action Update Failed or Nothing Changed";
115: 		else $amsg="Action Updated";
116: 		break;
117: 		
118: 		case "action_test":
119: 		$q="SELECT mdata FROM fnalertaction WHERE aaid=".ss($_REQUEST['aaid'])." LIMIT 0,1";
120: 		$r=$NATS->DB->Query($q);
121: 		$row=$NATS->DB->Fetch_Array($r);
122: 		$oldm=$row['mdata'];
123: 		$q="UPDATE fnalertaction SET mdata=\"** ACTION TEST **\" WHERE aaid=".ss($_REQUEST['aaid']);
124: 		$NATS->DB->Query($q);
125: 		$NATS->ActionFlush();
126: 		$q="UPDATE fnalertaction SET mdata=\"".ss($oldm)."\" WHERE aaid=".ss($_REQUEST['aaid']);
127: 		$NATS->DB->Query($q);
128: 		$amsg="Alert Action Tested &amp; Flushed";
129: 		break;
130: 		
131: 		case "action_create":
132: 		$q="INSERT INTO fnalertaction(atype) VALUES(\"\")";
133: 		$NATS->DB->Query($q);
134: 		$amsg="Created New Alert Action";
135: 		break;
136: 		
137: 		case "action_delete":
138: 		if (!isset($_REQUEST['confirmed']))
139: 			{
140: 			$back=urlencode("admin.php?aaid_del=".$_REQUEST['aaid_del']."&action=action_delete&confirmed=1");
141: 			$url="confirm.php?action=Delete+alert+action&back=".$back;
142: 			header("Location: ".$url);
143: 			exit();
144: 			}
145: 		// otherwise confirmed
146: 		$q="DELETE FROM fnalertaction WHERE aaid=".ss($_REQUEST['aaid_del']);
147: 		$NATS->DB->Query($q);
148: 		if ($NATS->DB->Affected_Rows()>0) $amsg="Alert Action Deleted";
149: 		else $amsg="Alert Action Delete Failed";
150: 		$q="DELETE FROM fnnalink WHERE aaid=".ss($_REQUEST['aaid_del']);
151: 		$NATS->DB->Query($q);
152: 		break;
153: 		
154: 		}
155: 	}
156: 
157: ob_end_flush();
158: Screen_Header("Administration Interface",1);
159: 
160: if (isset($_REQUEST['message'])) echo "<br><b>".$_REQUEST['message']."</b><br>";
161: if (isset($amsg)) echo "<br><b>".$amsg."</b><br>";
162: 
163: echo "<br>";
164: if (isset($_REQUEST['updatecheck']))
165: 	{
166: 	// check for updates
167: 	$dq="?CheckVersion=".$NATS->Version."&JSMode=1";
168: 	$dl="http://www.purplepixie.org/freenats/download.php";
169: 	$du=$dl.$dq;
170: 	/* old method
171: 	$cp=@fopen($du,"r");
172: 	if ($cp>0)
173: 		{
174: 		$cs=@fgets($cp,128);
175: 		@fclose($cp);
176: 		if ($cs=="0") echo "System Up to Date<br>";
177: 		else echo "Update Available: <a href=http://www.purplepixie.org/freenats>".$cs."</a><br>";
178: 		}
179: 	else echo "Error Checking for Updates<br>";
180: 	*/
181: 	echo "Checking Version: ";
182: 	echo "<script type=\"text/javascript\" src=\"".$du."\"></script>\n";
183: 	echo "<br><br>";
184: 	}
185: else
186: 	{
187: 	echo "<a href=admin.php?updatecheck=1>Check for FreeNATS Updates</a>";
188: 	}
189: echo "<br>";
190: 
191: ?>
192: <br>
193: <b class="minortitle">Users</b><br><br>
194: 
195: <?php
196: function tul($l)
197: {
198: if ($l>9) return "Administrator";
199: if ($l>4) return "Power User";
200: if ($l>0) return "Normal User";
201: return "Disabled";
202: }
203: 
204: $q="SELECT username,realname,userlevel FROM fnuser";
205: $r=$NATS->DB->Query($q);
206: echo "<table border=0>";
207: echo "<tr><td><b>Username&nbsp;</b></td>";
208: echo "<td><b>Real Name</b></td><td><b>User Level</b></td><td><b>Password</b></td><td><b>Options</b></td></tr>";
209: while ($row=$NATS->DB->Fetch_Array($r))
210: 	{
211: 	echo "<form action=admin.php method=post>";
212: 	echo "<input type=hidden name=action value=save_user>";
213: 	echo "<input type=hidden name=username value=\"".$row['username']."\">";
214: 	echo "<tr><td>".$row['username']."</td>";
215: 	echo "<td><input type=text name=realname value=\"".$row['realname']."\" size=20 maxlength=120></td>";
216: 	echo "<td><select name=userlevel>";
217: 	echo "<option value=".$row['userlevel'].">".tul($row['userlevel'])."</option>";
218: 	echo "<option value=0>".tul(0)."</option>";
219: 	echo "<option value=1>".tul(1)."</option>";
220: 	echo "<option value=5>".tul(5)."</option>";
221: 	echo "<option value=10>".tul(10)."</option>";
222: 	echo "</select>";
223: 	echo "</td>";
224: 	echo "<td><input type=password name=pword value=\"_NOTTHIS_\" size=10 maxlength=128></td>";
225: 	echo "<td><input type=submit value=\"Save\"> <a href=admin.php?action=delete_user&username=".$row['username'].">Delete</a></td>";
226: 	echo "</tr>";
227: 	echo "</form>";
228: 	}
229: echo "<form action=admin.php method=post>";
230: echo "<input type=hidden name=action value=create_user>";
231: echo "<tr><td><input type=text name=username size=20 maxlength=60></td>";
232: echo "<td><input type=text name=realname size=20 maxlength=120></td>";
233: echo "<td><select name=userlevel>";
234: echo "<option value=1>".tul(1)."</option>";
235: echo "<option value=0>".tul(0)."</option>";
236: echo "<option value=5>".tul(5)."</option>";
237: echo "<option value=10>".tul(10)."</option>";
238: echo "</select></td>";
239: echo "<td><input type=password name=pword size=10 maxlength=60></td>";
240: echo "<td><input type=submit value=\"Create User\"></td>";
241: echo "</tr></form>";
242: echo "</table><br>";
243: echo "<br>";
244: $NATS->DB->Free($r);
245: 
246: echo "<b class=\"minortitle\">Test Sessions</b><br><br>";
247: $q="SELECT * FROM fntestrun ORDER BY trid DESC";
248: if (!isset($_REQUEST['ShowAllSessions'])) $q.=" LIMIT 0,5";
249: $r=$NATS->DB->Query($q);
250: echo "<table border=0>";
251: while ($row=$NATS->DB->Fetch_Array($r))
252: 	{
253: 	echo "<tr><td><a href=testrun.php?trid=".$row['trid'].">run/".$row['trid']."</a></td>";
254: 	echo "<td>".nicedt($row['startx'])." - ";
255: 	if ($row['finishx']>0) echo nicedt($row['finishx']);
256: 	else echo "Still Running";
257: 	echo " (<a href=log.php?f_entry=Tester+".$row['trid'].">System Logs</a>)";
258: 	echo "</td></tr>";
259: 	}
260: echo "</table>";
261: $NATS->DB->Free($r);
262: echo "<br>";
263: if (!isset($_REQUEST['ShowAllSessions'])) echo "<a href=admin.php?ShowAllSessions=1>Show All Testing Sessions</a><br><br>";
264: echo "<br>";
265: 
266: echo "<b class=\"minortitle\">Alert Actions</b><br><br>";
267: 
268: function aat_etype($type)
269: {
270: switch ($type)
271: 	{
272: 	case 0: return "Short";
273: 	case 1: return "Long";
274: 	default: return "Unknown";
275: 	}
276: }
277: 
278: function aat_esub($type)
279: {
280: switch ($type)
281: 	{
282: 	case 0: return "Blank";
283: 	case 1: return "Short";
284: 	case 2: return "Long";
285: 	default: return "Unknown";
286: 	}
287: }
288: 
289: function aat_atype($type)
290: {
291: switch($type)
292: 	{
293: 	case "": case "Disabled": return "Disabled";
294: 	case "email": return "EMail";
295: 	case "url": return "URL";
296: 	default: return "Unknown";
297: 	}
298: }
299: 
300: 
301: 
302: if (isset($_REQUEST['aaid']))
303: 	{ // view/edit aaid
304: 	$q="SELECT * FROM fnalertaction WHERE aaid=".ss($_REQUEST['aaid']);
305: 	$r=$NATS->DB->Query($q);
306: 	if (!$row=$NATS->DB->Fetch_Array($r))
307: 		{
308: 		echo "<b>Error Fetching AAID</b><br><br>";
309: 		Screen_Footer();
310: 		exit();
311: 		}
312: 	echo "<table border=0>";
313: 	echo "<form action=admin.php method=post>";
314: 	echo "<input type=hidden name=action value=save_aa>";
315: 	echo "<input type=hidden name=aaid value=".$_REQUEST['aaid'].">";
316: 	echo "<tr><td>ID : </td><td>action/".$_REQUEST['aaid']."</td></tr>";
317: 	
318: 	echo "<tr><td>Action Name : </td>";
319: 	echo "<td>";
320: 	echo "<input type=text name=aname size=30 maxlength=120 value=\"".$row['aname']."\">";
321: 	echo "</td></tr>";
322: 	
323: 	echo "<tr><td>Type : </td><td>";
324: 	echo "<select name=atype>";
325: 	echo "<option value=".$row['atype'].">".aat_atype($row['atype'])."</option>";
326: 	echo "<option value=Disabled>Disabled</option>";
327: 	echo "<option value=email>EMail</option>";
328: 	echo "<option value=url>URL</option>";
329: 	echo "</select>";
330: 	echo "</td></tr>";
331: 	
332: 	echo "<tr><td>Warnings : </td>";
333: 	if ($row['awarnings']==1) $s=" checked";
334: 	else $s="";
335: 	echo "<td><input type=checkbox name=awarnings value=1".$s."> ".hlink("AAction:Warnings")."</td></tr>";
336: 	
337: 	echo "<tr><td>Decreases : </td>";
338: 	if ($row['adecrease']==1) $s=" checked";
339: 	else $s="";
340: 	echo "<td><input type=checkbox name=adecrease value=1".$s."> ".hlink("AAction:Decreases")."</td></tr>";
341: 	
342: 	echo "<tr><td>Action Limit : </td>";
343: 	echo "<td>";
344: 	echo "<input type=text name=ctrlimit size=3 maxlength=6 value=\"".$row['ctrlimit']."\"> ";
345: 	echo hlink("AAction:Limit");
346: 	echo "</td></tr>";
347: 	
348: 	echo "<tr><td>Action Counter : </td>";
349: 	echo "<td>";
350: 	echo "<input type=text name=ctrtoday size=3 maxlength=6 value=\"".$row['ctrtoday']."\"> ";
351: 	echo hlink("AAction:Counter");
352: 	echo " (for ";
353: 	if ($row['ctrdate']=="") echo "<i>unknown</i>";
354: 	else echo substr($row['ctrdate'],6,2)."/".substr($row['ctrdate'],4,2)."/".substr($row['ctrdate'],0,4);
355: 	echo ")";
356: 	echo "</td></tr>";
357: 	
358: if ($row['atype']!="url")
359: 	{
360: 	
361: 	echo "<tr><td>Email From : </td>";
362: 	echo "<td>";
363: 	echo "<input type=text name=efrom size=30 maxlength=120 value=\"".$row['efrom']."\">";
364: 	echo "</td></tr>";
365: 	
366: 	echo "<tr><td>Email Subject : </td><td>";
367: 	echo "<select name=esubject>";
368: 	echo "<option value=".$row['esubject'].">".aat_esub($row['esubject'])."</option>";
369: 	echo "<option value=0>Blank</option>";
370: 	echo "<option value=1>Short</option>";
371: 	echo "<option value=2>Long</option>";
372: 	echo "</select>";
373: 	echo "</td></tr>";
374: 	
375: 	}
376: 	
377: 	echo "<tr><td>Msg Type : </td><td>";
378: 	echo "<select name=etype>";
379: 	echo "<option value=".$row['etype'].">".aat_etype($row['etype'])."</option>";
380: 	echo "<option value=0>Short</option>";
381: 	echo "<option value=1>Long</option>";
382: 	echo "</select>";
383: 	echo "</td></tr>";
384: 	
385: 	echo "<tr><td valign=top>Email To<br>or URL : </td><td>";
386: 	echo "<textarea name=etolist cols=40 rows=6>".$row['etolist']."</textarea>";
387: 	echo "</td></tr>";
388: 	
389: 	echo "<tr><td colspan=2><input type=submit value=\"Update Action\"> &nbsp; <a href=admin.php>Cancel Update</a> | ";
390: 	echo "<a href=admin.php?aaid=".$_REQUEST['aaid']."&action=action_test>Test Action</a> | ";
391: 	echo "<a href=admin.php?aaid_del=".$_REQUEST['aaid']."&action=action_delete>Delete Action</a>";
392: 	echo "</td></tr>";
393: 	
394: 	echo "</form></table><br><br>";
395: 	$NATS->DB->Free($r);
396: 	}
397: 
398: $q="SELECT aaid,atype,aname FROM fnalertaction";
399: $r=$NATS->DB->Query($q);
400: while ($row=$NATS->DB->Fetch_Array($r))
401: 	{
402: 	echo "<a href=admin.php?aaid=".$row['aaid'].">action/".$row['aaid']." : ".$row['aname']."</a> - ";
403: 	echo aat_atype($row['atype']);
404: 	echo "<br>";
405: 	}
406: 
407: echo "<br><a href=admin.php?action=action_create><b>Create New Alert Action</b></a><br>";
408: echo "<br><br>";
409: 
410: echo "<b class=\"minortitle\">System Logs</b><br><br>";
411: echo "<a href=log.php>System Event Log</a><br><br>";
412: 
413: echo "<br><br>";
414: 
415: echo "<b class=\"minortitle\">Variables</b> ".hlink("Variable")."<br><br>";
416: $q="SELECT * FROM fnconfig ORDER BY fnc_var ASC";
417: $r=$NATS->DB->Query($q);
418: echo "<table border=0>";
419: while ($row=$NATS->DB->Fetch_Array($r))
420: 	{
421: 	echo "<form action=admin.php method=post>";
422: 	echo "<input type=hidden name=action value=var_save>";
423: 	echo "<input type=hidden name=orig_var value=\"".$row['fnc_var']."\">";
424: 	echo "<input type=hidden name=orig_val value=\"".$row['fnc_val']."\">";
425: 	echo "<tr><td><input type=text size=20 maxlength=60 name=new_var value=\"".$row['fnc_var']."\"> ";
426: 	echo "</td>";
427: 	echo "<td>=</td>";
428: 	echo "<td><input type=text size=20 maxlength=60 name=new_val value=\"".$row['fnc_val']."\"></td>";
429: 	echo "<td><input type=submit value=\"Save\"> ";
430: 	echo hlink("Var:".$row['fnc_var']);
431: 	echo "</td>";
432: 	echo "</tr>";
433: 	echo "</form>";
434: 	}
435: echo "<form action=admin.php method=post>";
436: echo "<input type=hidden name=action value=var_new>";
437: echo "<tr><td><input type=text size=20 maxlength=60 name=new_var value=\"\"></td>";
438: echo "<td>=</td>";
439: echo "<td><input type=text size=20 maxlength=60 name=new_val value=\"\"></td>";
440: echo "<td><input type=submit value=\"Create\"></td>";
441: echo "</tr>";
442: echo "</form>";
443: echo "</table>";
444: 
445: ?>
446: 
447: 
448: <?php
449: Screen_Footer();
450: ?>
451: