Viewing File server/web/admin.php of 0.02.56a
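<?php
/* -------------------------------------------------------------
This file is part of FreeNATS

FreeNATS is (C) Copyright 2008 PurplePixie Systems

FreeNATS is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

FreeNATS is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with FreeNATS.  If not, see www.gnu.org/licenses

For more information see www.purplepixie.org/freenats
-------------------------------------------------------------- */

/*
 * Administration interface.
 *
 * The first half applies the state change named by $_REQUEST['action']
 * (users, configuration variables, alert actions); the second half renders
 * the screen selected by $_REQUEST['mode'].
 *
 * Input handling in this file:
 *  - values that go into unquoted (numeric) SQL positions are forced to
 *    integers with intval(), because string escaping gives no protection
 *    outside a quoted literal;
 *  - values that go into quoted SQL literals still pass through ss(), which
 *    is defined outside this file (presumably SQL string escaping - confirm);
 *  - everything written into HTML is passed through htmlspecialchars() with
 *    ENT_QUOTES, and everything written into a URL through urlencode().
 *
 * NOTE(review): actions are read from $_REQUEST, so they are accepted on GET
 * as well as POST, and no anti-forgery token is checked anywhere in this file.
 * Any page the administrator visits while logged in can therefore trigger
 * them.  A per-session token verified before the switch below would close
 * this; it needs support from the session code, which is not visible here.
 */

ob_start();
require("include.php");
$NATS->Start();
if (!$NATS_Session->Check($NATS->DB))
{
    header("Location: ./?login_msg=Invalid+Or+Expired+Session");
    exit();
}
// NOTE(review): everything below assumes UL_Error() ends the request.  It is
// defined outside this file; if it returns, the actions run for users below
// level 9 - confirm.
if ($NATS_Session->userlevel<9) UL_Error("Action Node");

if (isset($_REQUEST['action']))
{
    switch($_REQUEST['action'])
    {
        case "save_user":
            // userlevel sits unquoted in the statement, so it must be an integer
            $q="UPDATE fnuser SET realname=\"".ss($_REQUEST['realname'])."\",userlevel=".intval($_REQUEST['userlevel']);
            // NOTE(review): passwords are stored as unsalted MD5 computed by the
            // database.  Left as is because the login check (outside this file)
            // has to agree with the stored format; moving to password_hash() /
            // password_verify() means changing both sides together.
            // "_NOTTHIS_" is the placeholder the user form submits when the
            // password field was left untouched.
            if ((isset($_REQUEST['pword']))&&($_REQUEST['pword']!="_NOTTHIS_")) $q.=",password=MD5(\"".ss($_REQUEST['pword'])."\")";
            $q.=" WHERE username=\"".ss($_REQUEST['username'])."\"";
            $NATS->DB->Query($q);
            // $amsg carries raw request data; it is HTML-escaped where it is printed
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Save User Failed or Nothing Changed";
            else $amsg="Save User ".$_REQUEST['username']." Succeeded";
            break;

        case "create_user":
            $q="INSERT INTO fnuser(username,password,realname,userlevel) VALUES(\"".ss($_REQUEST['username'])."\",";
            // same unsalted MD5 storage as save_user, see the note there
            $q.="MD5(\"".ss($_REQUEST['pword'])."\"),\"".ss($_REQUEST['realname'])."\",".intval($_REQUEST['userlevel']).")";
            $NATS->DB->Query($q);
            //echo $q;
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Create User Failed";
            else $amsg="User ".$_REQUEST['username']." Created";
            break;

        case "delete_user":
            /* - disabled for 0.02.44 to allow duplicate deletion
            if ($_REQUEST['username']=="admin")
            {
                $amsg="Can't delete the admin user";
                break;
            }
            */
            if (!isset($_REQUEST['confirmed']))
            {
                // The username is encoded once for the inner admin.php URL and the
                // whole inner URL once more as the value of "back", so characters
                // such as & or a line break cannot alter either URL.
                $back=urlencode("admin.php?action=delete_user&mode=users&username=".urlencode($_REQUEST['username'])."&confirmed=1");
                $url="confirm.php?action=".urlencode("Delete User ".$_REQUEST['username'])."&back=".$back;
                header("Location: ".$url);
                exit();
            }
            $q="DELETE FROM fnuser WHERE username=\"".ss($_REQUEST['username'])."\"";
            $NATS->DB->Query($q);
            $amsg="User ".$_REQUEST['username']." Deleted";
            break;

        case "var_save":
            if ($_REQUEST['new_var']=="") // delete
            {
                $q="DELETE FROM fnconfig WHERE fnc_var=\"".ss($_REQUEST['orig_var'])."\"";
            }
            else // update
            {
                $q="UPDATE fnconfig SET fnc_var=\"".ss($_REQUEST['new_var'])."\",fnc_val=\"".ss($_REQUEST['new_val'])."\" ";
                $q.="WHERE fnc_var=\"".ss($_REQUEST['orig_var'])."\"";
            }
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Update/Delete Variable Failed";
            else $amsg="Updated/Deleted Variable";
            break;

        case "var_new":
            $q="INSERT INTO fnconfig(fnc_var,fnc_val) VALUES(\"".ss($_REQUEST['new_var'])."\",\"".ss($_REQUEST['new_val'])."\")";
            //echo $q;
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Create Variable Failed";
            else $amsg="Created Variable";
            break;

        case "save_aa":
            // ctrlimit, ctrtoday, esubject, etype, awarnings, adecrease and aaid are
            // written unquoted, so each is forced to an integer.  An empty field
            // now stores 0 where it used to produce a failing statement.
            $q="UPDATE fnalertaction SET ";
            $q.="atype=\"".ss($_REQUEST['atype'])."\",";
            $q.="ctrlimit=".intval($_REQUEST['ctrlimit']).",";
            $q.="ctrtoday=".intval($_REQUEST['ctrtoday']).",";
            $q.="aname=\"".ss($_REQUEST['aname'])."\",";
            if (isset($_REQUEST['efrom'])) $q.="efrom=\"".ss($_REQUEST['efrom'])."\",";
            $q.="etolist=\"".ss($_REQUEST['etolist'])."\",";
            if (isset($_REQUEST['esubject'])) $q.="esubject=".intval($_REQUEST['esubject']).",";
            $q.="etype=".intval($_REQUEST['etype']);
            // unchecked checkboxes are not submitted at all, hence the explicit 0
            if (isset($_REQUEST['awarnings'])) $q.=",awarnings=".intval($_REQUEST['awarnings']);
            else $q.=",awarnings=0";
            if (isset($_REQUEST['adecrease'])) $q.=",adecrease=".intval($_REQUEST['adecrease']);
            else $q.=",adecrease=0";
            $q.=" WHERE aaid=".intval($_REQUEST['aaid']);
            //echo $q;
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()<=0) $amsg="Action Update Failed or Nothing Changed";
            else $amsg="Action Updated";
            break;

        case "action_test":
            // Swap a test message into the action's queued data, flush the action
            // queue, then put the previous data back.
            $test_aaid=intval($_REQUEST['aaid']);
            $q="SELECT mdata FROM fnalertaction WHERE aaid=".$test_aaid." LIMIT 0,1";
            $r=$NATS->DB->Query($q);
            $row=$NATS->DB->Fetch_Array($r);
            $oldm=$row['mdata'];
            $q="UPDATE fnalertaction SET mdata=\"** ACTION TEST **\" WHERE aaid=".$test_aaid;
            $NATS->DB->Query($q);
            $NATS->ActionFlush();
            $q="UPDATE fnalertaction SET mdata=\"".ss($oldm)."\" WHERE aaid=".$test_aaid;
            $NATS->DB->Query($q);
            $amsg="Alert Action Tested & Flushed";
            break;

        case "action_create":
            $q="INSERT INTO fnalertaction(atype) VALUES(\"\")";
            $NATS->DB->Query($q);
            $amsg="Created New Alert Action";
            break;

        case "action_delete":
            $del_aaid=intval($_REQUEST['aaid_del']);
            if (!isset($_REQUEST['confirmed']))
            {
                $back=urlencode("admin.php?mode=alertactions&aaid_del=".$del_aaid."&action=action_delete&confirmed=1");
                $url="confirm.php?action=Delete+alert+action&back=".$back;
                header("Location: ".$url);
                exit();
            }
            // otherwise confirmed
            $q="DELETE FROM fnalertaction WHERE aaid=".$del_aaid;
            $NATS->DB->Query($q);
            if ($NATS->DB->Affected_Rows()>0) $amsg="Alert Action Deleted";
            else $amsg="Alert Action Delete Failed";
            // remove the links that referenced the deleted action
            $q="DELETE FROM fnnalink WHERE aaid=".$del_aaid;
            $NATS->DB->Query($q);
            break;

    }
}

ob_end_flush();
Screen_Header("Administration Interface",1);

if (isset($_REQUEST['mode'])) $mode=$_REQUEST['mode'];
else $mode="";

// Both messages can contain request data, so they are escaped before output.
if (isset($_REQUEST['message'])) echo "<br><b>".htmlspecialchars($_REQUEST['message'],ENT_QUOTES)."</b><br>";
if (isset($amsg)) echo "<br><b>".htmlspecialchars($amsg,ENT_QUOTES)."</b><br>";

echo "<br>";
if (isset($_REQUEST['updatecheck']))
{
    // check for updates
    // NOTE(review): this pulls a script from an external host over plain HTTP
    // and runs it inside the administration page.  Whoever controls that host,
    // or the network path to it, runs code with the administrator's session.
    // Fetching the version server-side and printing it as escaped text would
    // avoid that; the URL is left unchanged here.
    $dq="?CheckVersion=".$NATS->Version."&JSMode=1";
    $dl="http://www.purplepixie.org/freenats/download.php";
    $du=$dl.$dq;
    /* old method
    $cp=@fopen($du,"r");
    if ($cp>0)
    {
        $cs=@fgets($cp,128);
        @fclose($cp);
        if ($cs=="0") echo "System Up to Date<br>";
        else echo "Update Available: <a href=http://www.purplepixie.org/freenats>".$cs."</a><br>";
    }
    else echo "Error Checking for Updates<br>";
    */
    echo "Checking Version: ";
    echo "<script type=\"text/javascript\" src=\"".$du."\"></script>\n";
    echo "<br><br>";
}
else if ($mode=="")
{
    echo "<a href=admin.php?updatecheck=1><b>Check for FreeNATS Updates</b></a><br><br>";
}

// Text label for a numeric user level.
function tul($l)
{
    if ($l>9) return "Administrator";
    if ($l>4) return "Power User";
    if ($l>0) return "Normal User";
    return "Disabled";
}

// Text label for an alert action's message type (etype).
function aat_etype($type)
{
    switch ($type)
    {
        case 0: return "Short";
        case 1: return "Long";
        default: return "Unknown";
    }
}

// Text label for an alert action's email subject setting (esubject).
function aat_esub($type)
{
    switch ($type)
    {
        case 0: return "Blank";
        case 1: return "Short";
        case 2: return "Long";
        default: return "Unknown";
    }
}

// Text label for an alert action's type (atype).
function aat_atype($type)
{
    switch($type)
    {
        case "": case "Disabled": return "Disabled";
        case "email": return "EMail";
        case "url": return "URL";
        default: return "Unknown";
    }
}

if ($mode=="users")
{
    echo "<b class=\"minortitle\">Users</b><br><br>";

    $q="SELECT username,realname,userlevel FROM fnuser";
    $r=$NATS->DB->Query($q);
    echo "<table border=0>";
    echo "<tr><td><b>Username </b></td>";
    echo "<td><b>Real Name</b></td><td><b>User Level</b></td><td><b>Password</b></td><td><b>Options</b></td></tr>";
    while ($row=$NATS->DB->Fetch_Array($r))
    {
        // stored values are escaped for HTML once per row and reused below
        $h_user=htmlspecialchars($row['username'],ENT_QUOTES);
        $h_real=htmlspecialchars($row['realname'],ENT_QUOTES);
        $level=intval($row['userlevel']);
        echo "<form action=admin.php method=post>";
        echo "<input type=hidden name=action value=save_user>";
        echo "<input type=hidden name=mode value=users>";
        echo "<input type=hidden name=username value=\"".$h_user."\">";
        echo "<tr><td>".$h_user."</td>";
        echo "<td><input type=text name=realname value=\"".$h_real."\" size=20 maxlength=120></td>";
        echo "<td><select name=userlevel>";
        // first option repeats the current level so it is preselected
        echo "<option value=".$level.">".tul($level)."</option>";
        echo "<option value=0>".tul(0)."</option>";
        echo "<option value=1>".tul(1)."</option>";
        echo "<option value=5>".tul(5)."</option>";
        echo "<option value=10>".tul(10)."</option>";
        echo "</select>";
        echo "</td>";
        // "_NOTTHIS_" tells save_user that the password was not edited
        echo "<td><input type=password name=pword value=\"_NOTTHIS_\" size=10 maxlength=128></td>";
        echo "<td><input type=submit value=\"Save\"> <a href=admin.php?action=delete_user&username=".urlencode($row['username']).">Delete</a></td>";
        echo "</tr>";
        echo "</form>";
    }
    echo "<form action=admin.php method=post>";
    echo "<input type=hidden name=action value=create_user>";
    echo "<input type=hidden name=mode value=users>";
    echo "<tr><td><input type=text name=username size=20 maxlength=60></td>";
    echo "<td><input type=text name=realname size=20 maxlength=120></td>";
    echo "<td><select name=userlevel>";
    echo "<option value=1>".tul(1)."</option>";
    echo "<option value=0>".tul(0)."</option>";
    echo "<option value=5>".tul(5)."</option>";
    echo "<option value=10>".tul(10)."</option>";
    echo "</select></td>";
    echo "<td><input type=password name=pword size=10 maxlength=60></td>";
    echo "<td><input type=submit value=\"Create User\"></td>";
    echo "</tr></form>";
    echo "</table><br>";
    echo "<br>";
    $NATS->DB->Free($r);
}
else if ($mode=="testsessions")
{
    echo "<b class=\"minortitle\">Test Sessions</b><br><br>";
    $q="SELECT * FROM fntestrun ORDER BY trid DESC";
    // only the five most recent runs unless the full list was requested
    if (!isset($_REQUEST['ShowAllSessions'])) $q.=" LIMIT 0,5";
    $r=$NATS->DB->Query($q);
    echo "<table border=0>";
    while ($row=$NATS->DB->Fetch_Array($r))
    {
        echo "<tr><td><a href=testrun.php?trid=".urlencode($row['trid']).">run/".htmlspecialchars($row['trid'],ENT_QUOTES)."</a></td>";
        echo "<td>".nicedt($row['startx'])." - ";
        if ($row['finishx']>0) echo nicedt($row['finishx']);
        else echo "Still Running";
        echo " (<a href=log.php?f_entry=Tester+".urlencode($row['trid']).">System Logs</a>)";
        echo "</td></tr>";
    }
    echo "</table>";
    $NATS->DB->Free($r);
    echo "<br>";
    if (!isset($_REQUEST['ShowAllSessions'])) echo "<a href=admin.php?mode=testsessions&ShowAllSessions=1>Show All Testing Sessions</a><br><br>";
    echo "<br>";
}
else if ($mode=="alertactions")
{
    echo "<b class=\"minortitle\">Alert Actions</b><br><br>";

    if (isset($_REQUEST['aaid']))
    { // view/edit aaid
        // the id is used in the query and printed into the form and links
        // below, so it is reduced to an integer once
        $aaid=intval($_REQUEST['aaid']);
        $q="SELECT * FROM fnalertaction WHERE aaid=".$aaid;
        $r=$NATS->DB->Query($q);
        if (!$row=$NATS->DB->Fetch_Array($r))
        {
            echo "<b>Error Fetching AAID</b><br><br>";
            Screen_Footer();
            exit();
        }
        echo "<table border=0>";
        echo "<form action=admin.php method=post>";
        echo "<input type=hidden name=action value=save_aa>";
        echo "<input type=hidden name=mode value=alertactions>";
        echo "<input type=hidden name=aaid value=".$aaid.">";
        echo "<tr><td>ID : </td><td>action/".$aaid."</td></tr>";

        echo "<tr><td>Action Name : </td>";
        echo "<td>";
        echo "<input type=text name=aname size=30 maxlength=120 value=\"".htmlspecialchars($row['aname'],ENT_QUOTES)."\">";
        echo "</td></tr>";

        echo "<tr><td>Type : </td><td>";
        echo "<select name=atype>";
        // first option repeats the stored value so it is preselected
        echo "<option value=\"".htmlspecialchars($row['atype'],ENT_QUOTES)."\">".aat_atype($row['atype'])."</option>";
        echo "<option value=Disabled>Disabled</option>";
        echo "<option value=email>EMail</option>";
        echo "<option value=url>URL</option>";
        echo "</select>";
        echo "</td></tr>";

        echo "<tr><td>Warnings : </td>";
        if ($row['awarnings']==1) $s=" checked";
        else $s="";
        echo "<td><input type=checkbox name=awarnings value=1".$s."> ".hlink("AAction:Warnings")."</td></tr>";

        echo "<tr><td>Decreases : </td>";
        if ($row['adecrease']==1) $s=" checked";
        else $s="";
        echo "<td><input type=checkbox name=adecrease value=1".$s."> ".hlink("AAction:Decreases")."</td></tr>";

        echo "<tr><td>Action Limit : </td>";
        echo "<td>";
        echo "<input type=text name=ctrlimit size=3 maxlength=6 value=\"".htmlspecialchars($row['ctrlimit'],ENT_QUOTES)."\"> ";
        echo hlink("AAction:Limit");
        echo "</td></tr>";

        echo "<tr><td>Action Counter : </td>";
        echo "<td>";
        echo "<input type=text name=ctrtoday size=3 maxlength=6 value=\"".htmlspecialchars($row['ctrtoday'],ENT_QUOTES)."\"> ";
        echo hlink("AAction:Counter");
        echo " (for ";
        if ($row['ctrdate']=="") echo "<i>unknown</i>";
        // ctrdate is cut as 4+2+2 characters and printed day/month/year
        else echo htmlspecialchars(substr($row['ctrdate'],6,2)."/".substr($row['ctrdate'],4,2)."/".substr($row['ctrdate'],0,4),ENT_QUOTES);
        echo ")";
        echo "</td></tr>";

        // the email-only fields are not shown for URL actions
        if ($row['atype']!="url")
        {

            echo "<tr><td>Email From : </td>";
            echo "<td>";
            echo "<input type=text name=efrom size=30 maxlength=120 value=\"".htmlspecialchars($row['efrom'],ENT_QUOTES)."\">";
            echo "</td></tr>";

            echo "<tr><td>Email Subject : </td><td>";
            echo "<select name=esubject>";
            echo "<option value=".intval($row['esubject']).">".aat_esub($row['esubject'])."</option>";
            echo "<option value=0>Blank</option>";
            echo "<option value=1>Short</option>";
            echo "<option value=2>Long</option>";
            echo "</select>";
            echo "</td></tr>";

        }

        echo "<tr><td>Msg Type : </td><td>";
        echo "<select name=etype>";
        echo "<option value=".intval($row['etype']).">".aat_etype($row['etype'])."</option>";
        echo "<option value=0>Short</option>";
        echo "<option value=1>Long</option>";
        echo "</select>";
        echo "</td></tr>";

        echo "<tr><td valign=top>Email To<br>or URL : </td><td>";
        echo "<textarea name=etolist cols=40 rows=6>".htmlspecialchars($row['etolist'],ENT_QUOTES)."</textarea>";
        echo "</td></tr>";

        echo "<tr><td colspan=2><input type=submit value=\"Update Action\"> <a href=admin.php>Cancel Update</a> | ";
        echo "<a href=admin.php?aaid=".$aaid."&action=action_test>Test Action</a> | ";
        echo "<a href=admin.php?aaid_del=".$aaid."&action=action_delete>Delete Action</a>";
        echo "</td></tr>";

        echo "</form></table><br><br>";
        $NATS->DB->Free($r);
    }

    $q="SELECT aaid,atype,aname FROM fnalertaction";
    $r=$NATS->DB->Query($q);
    while ($row=$NATS->DB->Fetch_Array($r))
    {
        echo "<a href=admin.php?mode=alertactions&aaid=".urlencode($row['aaid']).">action/".htmlspecialchars($row['aaid'],ENT_QUOTES)." : ".htmlspecialchars($row['aname'],ENT_QUOTES)."</a> - ";
        echo aat_atype($row['atype']);
        echo "<br>";
    }

    echo "<br><a href=admin.php?mode=alertactions&action=action_create><b>Create New Alert Action</b></a><br>";
    echo "<br><br>";
}
else if ($mode=="logs")
{
    echo "<b class=\"minortitle\">System Logs</b><br><br>";
    echo "<a href=log.php>System Event Log</a><br><br>";

    echo "<br><br>";
}
else if ($mode=="variables")
{
    echo "<b class=\"minortitle\">Variables</b> ".hlink("Variable")."<br><br>";
    $q="SELECT * FROM fnconfig ORDER BY fnc_var ASC";
    $r=$NATS->DB->Query($q);
    echo "<table border=0>";
    while ($row=$NATS->DB->Fetch_Array($r))
    {
        $h_var=htmlspecialchars($row['fnc_var'],ENT_QUOTES);
        $h_val=htmlspecialchars($row['fnc_val'],ENT_QUOTES);
        echo "<form action=admin.php method=post>";
        echo "<input type=hidden name=action value=var_save>";
        echo "<input type=hidden name=mode value=variables>";
        // orig_var identifies the row to update; saving with an empty new_var deletes it
        echo "<input type=hidden name=orig_var value=\"".$h_var."\">";
        echo "<input type=hidden name=orig_val value=\"".$h_val."\">";
        echo "<tr><td><input type=text size=20 maxlength=60 name=new_var value=\"".$h_var."\"> ";
        echo "</td>";
        echo "<td>=</td>";
        echo "<td><input type=text size=20 maxlength=60 name=new_val value=\"".$h_val."\"></td>";
        echo "<td><input type=submit value=\"Save\"> ";
        echo hlink("Var:".$row['fnc_var']);
        echo "</td>";
        echo "</tr>";
        echo "</form>";
    }
    echo "<form action=admin.php method=post>";
    echo "<input type=hidden name=action value=var_new>";
    echo "<input type=hidden name=mode value=variables>";
    echo "<tr><td><input type=text size=20 maxlength=60 name=new_var value=\"\"></td>";
    echo "<td>=</td>";
    echo "<td><input type=text size=20 maxlength=60 name=new_val value=\"\"></td>";
    echo "<td><input type=submit value=\"Create\"></td>";
    echo "</tr>";
    echo "</form>";
    echo "</table>";
}
else // catch-all
{
    echo "<a href=admin.php?mode=users>User Administration</a><br><br>";
    echo "<a href=log.php>System Event Log</a><br><br>";
    echo "<a href=admin.php?mode=alertactions>Alert Actions</a><br><br>";
    echo "<a href=admin.php?mode=variables>System Variables</a><br><br>";
    echo "<a href=admin.php?mode=testsessions>Test Sessions</a><br><br>";
}

if ($mode!="") echo "<a href=admin.php>Back to Main Admin Menu</a><br><br>";
?>


<?php
Screen_Footer();
?>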