File: 0.02.51a/server/web/admin.php (View as Code)

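/* -------------------------------------------------------------
This file is part of FreeNATS

FreeNATS is (C) Copyright 2008 PurplePixie Systems

FreeNATS is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

FreeNATS is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with FreeNATS.  If not, see www.gnu.org/licenses

For more information see www.purplepixie.org/freenats
-------------------------------------------------------------- */

/*
 * Administration page, part 1: session gate and action dispatcher.
 *
 * Reads $_REQUEST['action'] and runs the matching user, config-variable or
 * alert-action statement against the database, leaving a status line in
 * $amsg that is printed under the page header.
 *
 * Review notes for this block:
 *  - Values written into quoted SQL strings still go through ss(), which is
 *    defined outside this file. NOTE(review): they are only safe if ss()
 *    escapes for a MySQL string literal - confirm in include.php.
 *  - Values written into UNQUOTED numeric positions are now forced to
 *    integers with intval(); escaping alone does not protect an unquoted
 *    position.
 *  - Every action is accepted from $_REQUEST (so also from a GET link) and
 *    no per-request token is checked in this file. NOTE(review): confirm
 *    whether CSRF protection exists elsewhere; none is visible here.
 *  - Passwords are stored as unsalted MD5 (see save_user / create_user).
 *    NOTE(review): migrating to password_hash() needs a matching change in
 *    the login code, which is not part of this file.
 */
ob_start();
require("include.php");
$NATS->Start();
if (!$NATS_Session->Check($NATS->DB))
{
    header("Location: ./?login_msg=Invalid+Or+Expired+Session");
    exit();
}
// Only user level 9 and above may use the handlers below.
// NOTE(review): this depends on UL_Error() ending the request; it is defined
// outside this file - confirm it exits, otherwise the actions still run.
if ($NATS_Session->userlevel<9) UL_Error("Action Node");

if (isset($_REQUEST['action']))
{
    switch($_REQUEST['action'])
    {
        case "save_user":
            // userlevel is an unquoted numeric column value: force it to an integer.
            $q="UPDATE fnuser SET realname=\"".ss($_REQUEST['realname'])."\",userlevel=".intval($_REQUEST['userlevel']);
            // "_NOTTHIS_" is the sentinel meaning "leave the stored password unchanged".
            if ((isset($_REQUEST['pword']))&&($_REQUEST['pword']!="_NOTTHIS_")) $q.=",password=MD5(\"".ss($_REQUEST['pword'])."\")";
            $q.=" WHERE username=\"".ss($_REQUEST['username'])."\"";
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Save User Failed or Nothing Changed";
            // The username comes from the request and ends up in the page: HTML-escape it.
            else $amsg="Save User ".htmlspecialchars($_REQUEST['username'],ENT_QUOTES)." Succeeded";
            break;

        case "create_user":
            $q="INSERT INTO fnuser(username,password,realname,userlevel) VALUES(\"".ss($_REQUEST['username'])."\",";
            $q.="MD5(\"".ss($_REQUEST['pword'])."\"),\"".ss($_REQUEST['realname'])."\",".intval($_REQUEST['userlevel']).")";
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Create User Failed";
            else $amsg="User ".htmlspecialchars($_REQUEST['username'],ENT_QUOTES)." Created";
            break;

        case "delete_user":
            /* - disabled for 0.02.44 to allow duplicate deletion
            if ($_REQUEST['username']=="admin")
            {
                $amsg="Can't delete the admin user";
                break;
            }
            */
            if (!isset($_REQUEST['confirmed']))
            {
                // First pass: bounce through confirm.php, which is handed the URL
                // that repeats this request with confirmed=1. The username is
                // URL-encoded at each level so it cannot add parameters to either
                // URL or break out of the Location header.
                $back=urlencode("admin.php?action=delete_user&username=".urlencode($_REQUEST['username'])."&confirmed=1");
                $url="confirm.php?action=".urlencode("Delete User ".$_REQUEST['username'])."&back=".$back;
                header("Location: ".$url);
                exit();
            }
            // "confirmed" is only a request parameter; any request carrying it deletes the row.
            $q="DELETE FROM fnuser WHERE username=\"".ss($_REQUEST['username'])."\"";
            $NATS->DB->Query($q);
            $amsg="User ".htmlspecialchars($_REQUEST['username'],ENT_QUOTES)." Deleted";
            break;

        case "var_save":
            if ($_REQUEST['new_var']=="") // delete
            {
                $q="DELETE FROM fnconfig WHERE fnc_var=\"".ss($_REQUEST['orig_var'])."\"";
            }
            else // update
            {
                $q="UPDATE fnconfig SET fnc_var=\"".ss($_REQUEST['new_var'])."\",fnc_val=\"".ss($_REQUEST['new_val'])."\" ";
                $q.="WHERE fnc_var=\"".ss($_REQUEST['orig_var'])."\"";
            }
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Update/Delete Variable Failed";
            else $amsg="Updated/Deleted Variable";
            break;

        case "var_new":
            $q="INSERT INTO fnconfig(fnc_var,fnc_val) VALUES(\"".ss($_REQUEST['new_var'])."\",\"".ss($_REQUEST['new_val'])."\")";
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Create Variable Failed";
            else $amsg="Created Variable";
            break;

        case "save_aa":
            // String columns stay quoted and passed through ss(); every unquoted
            // column value and the aaid key are forced to integers.
            $q="UPDATE fnalertaction SET ";
            $q.="atype=\"".ss($_REQUEST['atype'])."\",";
            $q.="ctrlimit=".intval($_REQUEST['ctrlimit']).",";
            $q.="ctrtoday=".intval($_REQUEST['ctrtoday']).",";
            $q.="aname=\"".ss($_REQUEST['aname'])."\",";
            if (isset($_REQUEST['efrom'])) $q.="efrom=\"".ss($_REQUEST['efrom'])."\",";
            $q.="etolist=\"".ss($_REQUEST['etolist'])."\",";
            if (isset($_REQUEST['esubject'])) $q.="esubject=".intval($_REQUEST['esubject']).",";
            $q.="etype=".intval($_REQUEST['etype']);
            // Absent awarnings / adecrease fields are stored as 0.
            if (isset($_REQUEST['awarnings'])) $q.=",awarnings=".intval($_REQUEST['awarnings']);
            else $q.=",awarnings=0";
            if (isset($_REQUEST['adecrease'])) $q.=",adecrease=".intval($_REQUEST['adecrease']);
            else $q.=",adecrease=0";
            $q.=" WHERE aaid=".intval($_REQUEST['aaid']);
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Action Update Failed or Nothing Changed";
            else $amsg="Action Updated";
            break;

        case "action_test":
            // Save the queued message data, replace it with a test marker, flush
            // the alert actions, then put the saved data back.
            $q="SELECT mdata FROM fnalertaction WHERE aaid=".intval($_REQUEST['aaid'])." LIMIT 0,1";
            $r=$NATS->DB->Query($q);
            $row=$NATS->DB->Fetch_Array($r);
            $oldm=$row['mdata'];
            $q="UPDATE fnalertaction SET mdata=\"** ACTION TEST **\" WHERE aaid=".intval($_REQUEST['aaid']);
            $NATS->DB->Query($q);
            $NATS->ActionFlush();
            $q="UPDATE fnalertaction SET mdata=\"".ss($oldm)."\" WHERE aaid=".intval($_REQUEST['aaid']);
            $NATS->DB->Query($q);
            $amsg="Alert Action Tested & Flushed";
            break;

        case "action_create":
            $q="INSERT INTO fnalertaction(atype) VALUES(\"\")";
            $NATS->DB->Query($q);
            $amsg="Created New Alert Action";
            break;

        case "action_delete":
            if (!isset($_REQUEST['confirmed']))
            {
                // Same confirm.php round trip as delete_user; the id is an integer
                // before it is placed in the return URL.
                $back=urlencode("admin.php?aaid_del=".intval($_REQUEST['aaid_del'])."&action=action_delete&confirmed=1");
                $url="confirm.php?action=Delete+alert+action&back=".$back;
                header("Location: ".$url);
                exit();
            }
            // otherwise confirmed
            $q="DELETE FROM fnalertaction WHERE aaid=".intval($_REQUEST['aaid_del']);
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()>0) $amsg="Alert Action Deleted";
            else $amsg="Alert Action Delete Failed";
            // Also remove the rows in fnnalink that reference the deleted action.
            $q="DELETE FROM fnnalink WHERE aaid=".intval($_REQUEST['aaid_del']);
            $NATS->DB->Query($q);
            break;

    }
}

ob_end_flush();
Screen_Header("Administration Interface",1);

// "message" is taken straight from the request, so it is HTML-escaped before
// it is written into the page (reflected XSS otherwise).
if (isset($_REQUEST['message'])) echo "\n".htmlspecialchars($_REQUEST['message'],ENT_QUOTES)."\n";
// $amsg is built above; its request-derived parts are already escaped there.
if (isset($amsg)) echo "\n".$amsg."\n";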
echo "\n";

/*
 * Update check. Without the "updatecheck" request parameter only the prompt
 * text is printed; with it, the version-check URL is assembled from the
 * download endpoint plus this installation's version and JSMode=1.
 *
 * $du is not used by any statement visible in this block.
 * NOTE(review): the endpoint is addressed over plain http, so the reply
 * cannot be authenticated by whatever consumes it; with JSMode=1 the reply
 * is presumably script that runs in the administrator's browser - confirm,
 * and prefer an https endpoint if the server offers one.
 *
 * An earlier variant that fetched the URL server-side with fopen()/fgets()
 * and printed the result was already commented out and is not reproduced.
 */
if (!isset($_REQUEST['updatecheck'])) {
    echo "Check for FreeNATS Updates";
} else {
    // check for updates
    $dl = "http://www.purplepixie.org/freenats/download.php";
    $dq = "?CheckVersion=" . $NATS->Version . "&JSMode=1";
    $du = $dl . $dq;

    echo "Checking Version: ";
    echo "\n";
    echo "\n\n";
}
echo "\n";

?>
193: Users

194: 195: 196: function tul($l) 197: { 198: if ($l>9) return "Administrator"; 199: if ($l>4) return "Power User"; 200: if ($l>0) return "Normal User"; 201: return "Disabled"; 202: } 203: 204: $q="SELECT username,realname,userlevel FROM fnuser"; 205: $r=$NATS->DB->Query($q); 206: echo ""; 207: echo ""; 208: echo ""; 209: while ($row=$NATS->DB->Fetch_Array($r)) 210: { 211: echo "
";
212: echo ""; 213: echo ""; 214: echo ""; 215: echo ""; 216: echo ""; 224: echo ""; 225: echo ""; 226: echo ""; 227: echo ""; 228: } 229: echo "
";
230: echo ""; 231: echo ""; 232: echo ""; 233: echo ""; 239: echo ""; 240: echo ""; 241: echo ""; 242: echo "
Username Real NameUser LevelPasswordOptions
".$row['username'].""; 223: echo " Delete

";
243: echo "
";
244: $NATS->DB->Free($r); 245: 246: echo "Test Sessions

";
247: $q="SELECT * FROM fntestrun ORDER BY trid DESC"; 248: if (!isset($_REQUEST['ShowAllSessions'])) $q.=" LIMIT 0,5"; 249: $r=$NATS->DB->Query($q); 250: echo ""; 251: while ($row=$NATS->DB->Fetch_Array($r)) 252: { 253: echo ""; 254: echo ""; 259: } 260: echo "
run/".$row['trid']."".nicedt($row['startx'])." - "; 255: if ($row['finishx']>0) echo nicedt($row['finishx']); 256: else echo "Still Running"; 257: echo " (System Logs)"; 258: echo "
";
261: $NATS->DB->Free($r); 262: echo "
";
263: if (!isset($_REQUEST['ShowAllSessions'])) echo "Show All Testing Sessions

";
264: echo "
";
265: 266: echo "Alert Actions

";
267: 268: function aat_etype($type) 269: { 270: switch ($type) 271: { 272: case 0: return "Short"; 273: case 1: return "Long"; 274: default: return "Unknown"; 275: } 276: } 277: 278: function aat_esub($type) 279: { 280: switch ($type) 281: { 282: case 0: return "Blank"; 283: case 1: return "Short"; 284: case 2: return "Long"; 285: default: return "Unknown"; 286: } 287: } 288: 289: function aat_atype($type) 290: { 291: switch($type) 292: { 293: case "": case "Disabled": return "Disabled"; 294: case "email": return "EMail"; 295: case "url": return "URL"; 296: default: return "Unknown"; 297: } 298: } 299: 300: 301: 302: if (isset($_REQUEST['aaid'])) 303: { // view/edit aaid 304: $q="SELECT * FROM fnalertaction WHERE aaid=".ss($_REQUEST['aaid']); 305: $r=$NATS->DB->Query($q); 306: if (!$row=$NATS->DB->Fetch_Array($r)) 307: { 308: echo "Error Fetching AAID

";
309: Screen_Footer(); 310: exit(); 311: } 312: echo ""; 313: echo "
";
314: echo ""; 315: echo ""; 316: echo ""; 317: 318: echo ""; 319: echo ""; 322: 323: echo ""; 331: 332: echo ""; 333: if ($row['awarnings']==1) $s=" checked"; 334: else $s=""; 335: echo ""; 336: 337: echo ""; 338: if ($row['adecrease']==1) $s=" checked"; 339: else $s=""; 340: echo ""; 341: 342: echo ""; 343: echo ""; 347: 348: echo ""; 349: echo ""; 357: 358: if ($row['atype']!="url") 359: { 360: 361: echo ""; 362: echo ""; 365: 366: echo ""; 374: 375: } 376: 377: echo ""; 384: 385: echo ""; 388: 389: echo ""; 393: 394: echo "
ID : action/".$_REQUEST['aaid']."
Action Name : "; 320: echo ""; 321: echo "
Type : "; 324: echo ""; 330: echo "
Warnings : ".hlink("AAction:Warnings")."
Decreases : ".hlink("AAction:Decreases")."
Action Limit : "; 344: echo " "; 345: echo hlink("AAction:Limit"); 346: echo "
Action Counter : "; 350: echo " "; 351: echo hlink("AAction:Counter"); 352: echo " (for "; 353: if ($row['ctrdate']=="") echo "unknown"; 354: else echo substr($row['ctrdate'],6,2)."/".substr($row['ctrdate'],4,2)."/".substr($row['ctrdate'],0,4); 355: echo ")"; 356: echo "
Email From : "; 363: echo ""; 364: echo "
Email Subject : "; 367: echo ""; 373: echo "
Msg Type : "; 378: echo ""; 383: echo "
Email To
or URL :
"; 386: echo ""; 387: echo "
  Cancel Update | "; 390: echo "Test Action | "; 391: echo "Delete Action"; 392: echo "


";
395: $NATS->DB->Free($r); 396: } 397: 398: $q="SELECT aaid,atype,aname FROM fnalertaction"; 399: $r=$NATS->DB->Query($q); 400: while ($row=$NATS->DB->Fetch_Array($r)) 401: { 402: echo "action/".$row['aaid']." : ".$row['aname']." - "; 403: echo aat_atype($row['atype']); 404: echo "
";
405: } 406: 407: echo "
Create New Alert Action
";
408: echo "

";
409: 410: echo "System Logs

";
411: echo "System Event Log

";
412: 413: echo "

";
414: 415: echo "Variables ".hlink("Variable")."

";
416: $q="SELECT * FROM fnconfig ORDER BY fnc_var ASC"; 417: $r=$NATS->DB->Query($q); 418: echo ""; 419: while ($row=$NATS->DB->Fetch_Array($r)) 420: { 421: echo "
";
422: echo ""; 423: echo ""; 424: echo ""; 425: echo ""; 427: echo ""; 428: echo ""; 429: echo ""; 432: echo ""; 433: echo ""; 434: } 435: echo "
";
436: echo ""; 437: echo ""; 438: echo ""; 439: echo ""; 440: echo ""; 441: echo ""; 442: echo ""; 443: echo "
"; 426: echo "= "; 430: echo hlink("Var:".$row['fnc_var']); 431: echo "
=
";
444: 445: ?> 446: 447: 448: 449: Screen_Footer(); 450: ?> 451: