diff --git a/app/access_controls/access_control_edit.php b/app/access_controls/access_control_edit.php index a187cd119d..2aff1720eb 100644 --- a/app/access_controls/access_control_edit.php +++ b/app/access_controls/access_control_edit.php @@ -2,21 +2,23 @@ /* FusionPBX Version: MPL 1.1 + The contents of this file are subject to the Mozilla Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/MPL/ + Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. + The Original Code is FusionPBX + The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2018 + Portions created by the Initial Developer are Copyright (C) 2018 - 2020 the Initial Developer. All Rights Reserved. - Contributor(s): - Mark J Crane */ //includes @@ -25,8 +27,12 @@ require_once "resources/check_auth.php"; //check permissions - if (!permission_exists('access_control_add') && !permission_exists('access_control_edit')) { - echo "access denied"; exit; + if (permission_exists('access_control_add') || permission_exists('access_control_edit')) { + //access granted + } + else { + echo "access denied"; + exit; } //add multi-lingual support 
@@ -37,131 +43,180 @@ if (is_uuid($_REQUEST["id"])) { $action = "update"; $access_control_uuid = $_REQUEST["id"]; + $id = $_REQUEST["id"]; } else { $action = "add"; } //get http post variables and set them to php variables - if (count($_POST)>0) { + if (is_array($_POST) && is_uuid($access_control_uuid)) { $access_control_name = $_POST["access_control_name"]; $access_control_default = $_POST["access_control_default"]; + $access_control_nodes = $_POST["access_control_nodes"]; $access_control_description = $_POST["access_control_description"]; } -if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { +//process the user data and save it to the database + if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { - //delete the access control - if (permission_exists('access_control_delete')) { - if ($_POST['action'] == 'delete' && is_uuid($access_control_uuid)) { - //prepare - $array[0]['checked'] = 'true'; - $array[0]['uuid'] = $access_control_uuid; - //delete - $obj = new access_controls; - $obj->delete($array); - //redirect - header('Location: access_controls.php'); + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: access_controls.php'); + exit; + } + + //process the http post data by submitted action + if ($_POST['action'] != '' && strlen($_POST['action']) > 0) { + + //prepare the array(s) + $x = 0; + foreach ($_POST['access_control_nodes'] as $row) { + if (is_uuid($row['access_control_uuid']) && $row['checked'] === 'true') { + $array['access_controls'][$x]['checked'] = $row['checked']; + $array['access_controls'][$x]['access_control_nodes'][]['access_control_node_uuid'] = $row['access_control_node_uuid']; + $x++; + } + } + + //send the array to the database class + switch ($_POST['action']) { + case 'copy': + if (permission_exists('access_control_add')) { + $obj = new database; + $obj->copy($array); + } + break; + case 
'delete': + if (permission_exists('access_control_delete')) { + $obj = new database; + $obj->delete($array); + } + break; + case 'toggle': + if (permission_exists('access_control_update')) { + $obj = new database; + $obj->toggle($array); + } + break; + } + + //redirect the user + if (in_array($_POST['action'], array('copy', 'delete', 'toggle'))) { + header('Location: access_control_edit.php?id='.$id); exit; + } } - } - //get the primary key - if ($action == "update") { - $access_control_uuid = $_POST["access_control_uuid"]; - } + //check for all required data + $msg = ''; + if (strlen($access_control_name) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_name']."
\n"; } + if (strlen($access_control_default) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_default']."
\n"; } + //if (strlen($access_control_nodes) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_nodes']."
\n"; } + //if (strlen($access_control_description) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_description']."
\n"; } + if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { + require_once "resources/header.php"; + require_once "resources/persist_form_var.php"; + echo "
\n"; + echo "
\n"; + echo $msg."
"; + echo "
\n"; + persistformvar($_POST); + echo "
\n"; + require_once "resources/footer.php"; + return; + } - //validate the token - $token = new token; - if (!$token->validate($_SERVER['PHP_SELF'])) { - message::add($text['message-invalid_token'],'negative'); - header('Location: access_controls.php'); - exit; - } - - //check for all required data - $msg = ''; - if (strlen($access_control_name) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_name']."
\n"; } - if (strlen($access_control_default) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_default']."
\n"; } - //if (strlen($access_control_description) == 0) { $msg .= $text['message-required']." ".$text['label-access_control_description']."
\n"; } - if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { - require_once "resources/header.php"; - require_once "resources/persist_form_var.php"; - echo "
\n"; - echo "
\n"; - echo $msg."
"; - echo "
\n"; - persistformvar($_POST); - echo "
\n"; - require_once "resources/footer.php"; - return; - } - - //add or update the database - if ($_POST["persistformvar"] != "true") { - $execute = false; - - if ($action == "add" && permission_exists('access_control_add')) { - $execute = true; + //add the access_control_uuid + if (!is_uuid($_POST["access_control_uuid"])) { $access_control_uuid = uuid(); - - //set the message - message::add($text['message-add']); - - //set redirect url - $redirect_url = 'access_control_edit.php?id='.$access_control_uuid; } - if ($action == "update" && permission_exists('access_control_edit')) { - $execute = true; - - //set the message - message::add($text['message-update']); + //prepare the array + $array['access_controls'][0]['access_control_uuid'] = $access_control_uuid; + $array['access_controls'][0]['access_control_name'] = $access_control_name; + $array['access_controls'][0]['access_control_default'] = $access_control_default; + $array['access_controls'][0]['access_control_description'] = $access_control_description; + $y = 0; + if (is_array($access_control_nodes)) { + foreach ($access_control_nodes as $row) { + if (strlen($row['node_type']) > 0) { + $array['access_controls'][0]['access_control_nodes'][$y]['access_control_node_uuid'] = $row["access_control_node_uuid"]; + $array['access_controls'][0]['access_control_nodes'][$y]['node_type'] = $row["node_type"]; + $array['access_controls'][0]['access_control_nodes'][$y]['node_cidr'] = $row["node_cidr"]; + $array['access_controls'][0]['access_control_nodes'][$y]['node_domain'] = $row["node_domain"]; + $array['access_controls'][0]['access_control_nodes'][$y]['node_description'] = $row["node_description"]; + if (isset($row["checked"])) { + $array['access_controls'][0]['access_control_nodes'][$y]['checked'] = $row["checked"]; + } + $y++; + } + } } - if ($execute) { - $array['access_controls'][0]['access_control_uuid'] = $access_control_uuid; - $array['access_controls'][0]['access_control_name'] = $access_control_name; - 
$array['access_controls'][0]['access_control_default'] = $access_control_default; - $array['access_controls'][0]['access_control_description'] = $access_control_description; - $database = new database; - $database->app_name = 'access_control'; - $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd'; - $database->save($array); - unset($array); + //save the data + $database = new database; + $database->app_name = 'access controls'; + $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd'; + $database->save($array); - //clear the cache - $cache = new cache; - $cache->delete("configuration:acl.conf"); - - //create the event socket connection - $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']); - if ($fp) { event_socket_request($fp, "api reloadacl"); } + //redirect the user + if (isset($action)) { + if ($action == "add") { + $_SESSION["message"] = $text['message-add']; + } + if ($action == "update") { + $_SESSION["message"] = $text['message-update']; + } + //header('Location: access_controls.php'); + header('Location: access_control_edit.php?id='.urlencode($access_control_uuid)); + return; } - - //redirect the user - header('Location: '.($redirect_url ? 
$redirect_url : 'access_controls.php')); - exit; - } - -} + } //pre-populate the form - if (count($_GET) > 0 && $_POST["persistformvar"] != "true" && is_uuid($_GET["id"])) { - $access_control_uuid = $_GET["id"]; + if (is_array($_GET) && $_POST["persistformvar"] != "true") { $sql = "select * from v_access_controls "; $sql .= "where access_control_uuid = :access_control_uuid "; $parameters['access_control_uuid'] = $access_control_uuid; $database = new database; $row = $database->select($sql, $parameters, 'row'); - if (is_array($row) && sizeof($row)) { + if (is_array($row) && @sizeof($row) != 0) { $access_control_name = $row["access_control_name"]; $access_control_default = $row["access_control_default"]; + $access_control_nodes = $row["access_control_nodes"]; $access_control_description = $row["access_control_description"]; } - unset ($sql, $parameters, $row); + unset($sql, $parameters, $row); } +//get the child data + if (is_uuid($access_control_uuid)) { + $sql = "select * from v_access_control_nodes "; + $sql .= "where access_control_uuid = :access_control_uuid "; + $sql .= "order by node_cidr asc"; + $parameters['access_control_uuid'] = $access_control_uuid; + $database = new database; + $access_control_nodes = $database->select($sql, $parameters, 'all'); + unset ($sql, $parameters); + } + +//add the $access_control_node_uuid + if (!is_uuid($access_control_node_uuid)) { + $access_control_node_uuid = uuid(); + } + +//add an empty row + $x = is_array($access_control_nodes) ? count($access_control_nodes) : 0; + $access_control_nodes[$x]['access_control_uuid'] = $access_control_uuid; + $access_control_nodes[$x]['access_control_node_uuid'] = uuid(); + $access_control_nodes[$x]['node_type'] = ''; + $access_control_nodes[$x]['node_cidr'] = ''; + $access_control_nodes[$x]['node_domain'] = ''; + $access_control_nodes[$x]['node_description'] = ''; + //create token $object = new token; $token = $object->create($_SERVER['PHP_SELF']); 
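Review bot: The guard `if (is_array($_POST) && is_uuid($access_control_uuid))` only copies the posted fields when the request already carries a valid id, so on the add path (where `$access_control_uuid` is never assigned) `$access_control_name` stays empty, the required-field check fails and the `uuid()` fallback further down is unreachable; `if (is_array($_POST) && count($_POST) > 0) {` restores the add flow. The save path no longer clears `configuration:acl.conf` or sends `api reloadacl` as the removed block did, so unless that now happens inside the database class, changes saved here are not applied to the running switch until something else reloads the ACL. `node_cidr` and `node_type` are copied from POST into the save array without the CIDR check the deleted access_control_node_edit.php performed, so a malformed node can reach the generated acl.conf; reinstate that validation before the save. The `toggle` case tests `access_control_update` while this file's own access check and access_controls.php use `access_control_edit`; confirm that permission name exists or align it. The token-failure branch reports through `message::add` but the success branch writes `$_SESSION["message"]` directly; use one mechanism.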
@@ -171,67 +226,162 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { require_once "resources/header.php"; //show the content - echo "
\n"; + echo "\n"; + echo "\n"; echo "
\n"; echo "
".$text['title-access_control']."
\n"; echo "
\n"; - echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','style'=>'margin-right: 15px;','collapse'=>'hide-xs','link'=>'access_controls.php']); - if ($action == 'update' && permission_exists('access_control_delete')) { - echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'name'=>'btn_delete_access_control','collapse'=>'hide-xs','style'=>'margin-right: 15px;','onclick'=>"modal_open('modal-delete-access-control','btn_delete_access_control');"]); + echo " \n"; + if ($action == 'update') { + if (permission_exists('access_control_node_add')) { + echo " \n"; + } + if (permission_exists('access_control_node_delete')) { + echo " \n"; + } } - echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save','collapse'=>'hide-xs']); + echo " \n"; + echo "

\n"; echo "
\n"; - echo "
\n"; echo "
\n"; - if ($action == 'update' && permission_exists('access_control_delete')) { - echo modal::create(['id'=>'modal-delete-access-control','type'=>'delete','actions'=>button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete_access_control','style'=>'float: right; margin-left: 15px;','collapse'=>'never','name'=>'action','value'=>'delete','onclick'=>"modal_close();"])]); + echo "
".$text['description-access_controls']."
\n"; + echo "
\n"; + + if ($action == 'update') { + if (permission_exists('access_control_add')) { + echo modal::create(['id'=>'modal-copy','type'=>'copy','actions'=>button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_copy','style'=>'float: right; margin-left: 15px;','collapse'=>'never','name'=>'action','value'=>'copy','onclick'=>"modal_close();"])]); + } + if (permission_exists('access_control_delete')) { + echo modal::create(['id'=>'modal-delete','type'=>'delete','actions'=>button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','name'=>'action','value'=>'delete','onclick'=>"modal_close();"])]); + } } - echo "\n"; + echo "
\n"; echo "\n"; - echo "\n"; - echo "\n"; echo "\n"; echo "\n"; - echo "\n"; - echo "\n"; echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; echo "\n"; - echo "\n"; @@ -240,18 +390,10 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo "
\n"; + echo "\n"; echo " ".$text['label-access_control_name']."\n"; echo "\n"; - echo " \n"; + echo "\n"; + echo " \n"; echo "
\n"; echo $text['description-access_control_name']."\n"; echo "
\n"; + echo "\n"; echo " ".$text['label-access_control_default']."\n"; echo "\n"; - echo " \n"; + echo "\n"; + echo " \n"; echo "
\n"; echo $text['description-access_control_default']."\n"; echo "
\n"; + echo " ".$text['label-access_control_nodes']."\n"; + echo "\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + if (is_array($access_control_nodes) && @sizeof($access_control_nodes) > 1 && permission_exists('access_control_node_delete')) { + echo " \n"; + } + echo " \n"; + $x = 0; + foreach($access_control_nodes as $row) { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + if (is_array($access_control_nodes) && @sizeof($access_control_nodes) > 1 && permission_exists('access_control_node_delete')) { + if (is_uuid($row['access_control_node_uuid'])) { + echo " \n"; + } + else { + echo " \n"; + } + } + echo " \n"; + $x++; + } + echo "
".$text['label-node_type']."".$text['label-node_cidr']."".$text['label-node_domain']."".$text['label-node_description']."\n"; + echo " ".$text['label-action']."\n"; + echo " \n"; + echo "
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
\n"; + echo "
\n"; + echo $text['description-node_description']."\n"; + echo "
\n"; echo " ".$text['label-access_control_description']."\n"; echo "\n"; - echo " \n"; + echo "\n"; + echo " \n"; echo "
\n"; echo $text['description-access_control_description']."\n"; echo "
"; echo "

"; - if ($action == "update") { - echo "\n"; - } echo "\n"; echo "
"; - if ($action == "update") { - require "access_control_nodes.php"; - echo "

"; - } - //include the footer require_once "resources/footer.php"; diff --git a/app/access_controls/access_control_node_edit.php b/app/access_controls/access_control_node_edit.php deleted file mode 100644 index 277df3fb18..0000000000 --- a/app/access_controls/access_control_node_edit.php +++ /dev/null @@ -1,279 +0,0 @@ - - Portions created by the Initial Developer are Copyright (C) 2018 - the Initial Developer. All Rights Reserved. - Contributor(s): - Mark J Crane -*/ - -//includes - require_once "root.php"; - require_once "resources/require.php"; - require_once "resources/check_auth.php"; - -//check permissions - if (!permission_exists('access_control_node_add') && !permission_exists('access_control_node_edit')) { - echo "access denied"; exit; - } - -//add multi-lingual support - $language = new text; - $text = $language->get(); - -//action add or update - if (is_uuid($_REQUEST["id"])) { - $action = "update"; - $access_control_node_uuid = $_REQUEST["id"]; - } - else { - $action = "add"; - } - -//set the parent uuid - if (is_uuid($_GET["access_control_uuid"])) { - $access_control_uuid = $_GET["access_control_uuid"]; - } - -//get http post variables and set them to php variables - if (count($_POST)>0) { - $node_type = $_POST["node_type"]; - $node_cidr = $_POST["node_cidr"]; - $node_domain = $_POST["node_domain"]; - $node_description = $_POST["node_description"]; - } - -if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { - - //get the uuid - if ($action == "update" && is_uuid($_POST["access_control_node_uuid"])) { - $access_control_node_uuid = $_POST["access_control_node_uuid"]; - } - - //validate the token - $token = new token; - if (!$token->validate($_SERVER['PHP_SELF'])) { - message::add($text['message-invalid_token'],'negative'); - header('Location: access_controls.php'); - exit; - } - - //check for all required data - $msg = ''; - if (strlen($node_type) == 0) { $msg .= $text['message-required']." ".$text['label-node_type']."
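Review bot: The condition `is_array($access_control_nodes) && @sizeof($access_control_nodes) > 1 && permission_exists('access_control_node_delete')` is written out three times, twice inside the per-row loop; compute it once before the table, e.g. `$show_node_delete = is_array($access_control_nodes) && count($access_control_nodes) > 1 && permission_exists('access_control_node_delete');`, and drop the `@`, since `count` on an array that was just checked with `is_array` never warns. The input and hidden-field markup for each `$row[...]` value was not preserved on this page, so confirm every node value placed into an attribute goes through `escape()` as the deleted list page did for `node_type`, `node_cidr` and `node_domain`; those values come from the database and, one request earlier, from the submitted form.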
\n"; } - //if (strlen($node_cidr) == 0) { $msg .= $text['message-required']." ".$text['label-node_cidr']."
\n"; } - //if (strlen($node_domain) == 0) { $msg .= $text['message-required']." ".$text['label-node_domain']."
\n"; } - //if (strlen($node_description) == 0) { $msg .= $text['message-required']." ".$text['label-node_description']."
\n"; } - - // check IPv4 and IPv6 CIDR notation - $pattern4 = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/'; - $pattern6 = '/^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$/'; - - if ($node_cidr != '' && (preg_match($pattern4, $node_cidr) == 0) && (preg_match($pattern6, $node_cidr) == 0)) { - $msg .= $text['message-required']." ".$text['label-node_cidr']."
\n"; - } - - if (strlen($msg) > 0 && strlen($_POST["persistformvar"]) == 0) { - require_once "resources/header.php"; - require_once "resources/persist_form_var.php"; - echo "
\n"; - echo "
\n"; - echo $msg."
"; - echo "
\n"; - persistformvar($_POST); - echo "
\n"; - require_once "resources/footer.php"; - return; - } - - //add or update the database - if ($_POST["persistformvar"] != "true") { - if ($action == "add" && permission_exists('access_control_node_add')) { - - //insert - $array['access_control_nodes'][0]['access_control_node_uuid'] = uuid(); - $array['access_control_nodes'][0]['access_control_uuid'] = $access_control_uuid; - $array['access_control_nodes'][0]['node_type'] = $node_type; - $array['access_control_nodes'][0]['node_cidr'] = $node_cidr; - $array['access_control_nodes'][0]['node_domain'] = $node_domain; - $array['access_control_nodes'][0]['node_description'] = $node_description; - $database = new database; - $database->app_name = 'access_controls'; - $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd'; - $database->save($array); - unset($array); - - //clear the cache - $cache = new cache; - $cache->delete("configuration:acl.conf"); - - //create the event socket connection - $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']); - if ($fp) { event_socket_request($fp, "api reloadacl"); } - - //add the message - message::add($text['message-add']); - - //redirect the browser - header('Location: access_control_edit.php?id='.escape($access_control_uuid)); - return; - - } //if ($action == "add") - - if ($action == "update" && permission_exists('access_control_node_edit')) { - - //update - $array['access_control_nodes'][0]['access_control_node_uuid'] = $access_control_node_uuid; - $array['access_control_nodes'][0]['access_control_uuid'] = $access_control_uuid; - $array['access_control_nodes'][0]['node_type'] = $node_type; - $array['access_control_nodes'][0]['node_cidr'] = $node_cidr; - $array['access_control_nodes'][0]['node_domain'] = $node_domain; - $array['access_control_nodes'][0]['node_description'] = $node_description; - $database = new database; - $database->app_name = 'access_controls'; - $database->app_uuid = 
'1416a250-f6e1-4edc-91a6-5c9b883638fd'; - $database->save($array); - unset($array); - - //clear the cache - $cache = new cache; - $cache->delete("configuration:acl.conf"); - - //create the event socket connection - $fp = event_socket_create($_SESSION['event_socket_ip_address'], $_SESSION['event_socket_port'], $_SESSION['event_socket_password']); - if ($fp) { event_socket_request($fp, "api reloadacl"); } - - //add the message - message::add($text['message-update']); - - //redirect the browser - header('Location: access_control_edit.php?id='.escape($access_control_uuid)); - return; - - } //if ($action == "update") - } //if ($_POST["persistformvar"] != "true") -} //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) - -//pre-populate the form - if (count($_GET) > 0 && $_POST["persistformvar"] != "true" && is_uuid($_GET["id"])) { - $access_control_node_uuid = $_GET["id"]; - $sql = "select * from v_access_control_nodes "; - $sql .= "where access_control_node_uuid = :access_control_node_uuid "; - $parameters['access_control_node_uuid'] = $access_control_node_uuid; - $database = new database; - $row = $database->select($sql, $parameters, 'row'); - if (is_array($row) && sizeof($row) != 0) { - $node_type = $row["node_type"]; - $node_cidr = $row["node_cidr"]; - $node_domain = $row["node_domain"]; - $node_description = $row["node_description"]; - } - unset($sql, $parameters, $row); - } - -//create token - $object = new token; - $token = $object->create($_SERVER['PHP_SELF']); - -//show the header - $document['title'] = $text['title-access_control_node']; - require_once "resources/header.php"; - -//show the content - echo "
\n"; - - echo "
\n"; - echo "
".$text['title-access_control_node']."
\n"; - echo "
\n"; - echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','style'=>'margin-right: 15px;','link'=>'access_control_edit.php?id='.urlencode($access_control_uuid)]); - echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save']); - echo "
\n"; - echo "
\n"; - echo "
\n"; - - echo "\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - echo "
\n"; - echo " ".$text['label-node_type']."\n"; - echo "\n"; - echo " \n"; - echo "
\n"; - echo $text['description-node_type']."\n"; - echo "
\n"; - echo " ".$text['label-node_cidr']."\n"; - echo "\n"; - echo " \n"; - echo "
\n"; - echo $text['description-node_cidr']."\n"; - echo "
\n"; - echo " ".$text['label-node_domain']."\n"; - echo "\n"; - echo " \n"; - echo "
\n"; - echo $text['description-node_domain']."\n"; - echo "
\n"; - echo " ".$text['label-node_description']."\n"; - echo "\n"; - echo " \n"; - echo "
\n"; - echo $text['description-node_description']."\n"; - echo "
"; - echo "

"; - - echo "\n"; - if ($action == "update") { - echo "\n"; - } - echo "\n"; - - echo "
"; - -//include the footer - require_once "resources/footer.php"; - -?> \ No newline at end of file diff --git a/app/access_controls/access_control_nodes.php b/app/access_controls/access_control_nodes.php deleted file mode 100644 index 364dbc4180..0000000000 --- a/app/access_controls/access_control_nodes.php +++ /dev/null 
@@ -1,197 +0,0 @@ - - Portions created by the Initial Developer are Copyright (C) 2019 - the Initial Developer. All Rights Reserved. - Contributor(s): - Mark J Crane -*/ - -//includes - require_once "root.php"; - require_once "resources/require.php"; - require_once "resources/check_auth.php"; - require_once "resources/paging.php"; - -//check permissions - if (!permission_exists('access_control_node_view')) { - echo "access denied"; - exit; - } - -//get the http post data - if ($_POST['action'] != '') { - $action = $_POST['action']; - $access_control_uuid = $_POST['access_control_uuid']; - $access_control_nodes = $_POST['access_control_nodes']; - - //process the http post data by action - if (is_array($access_control_nodes) && @sizeof($access_control_nodes) != 0) { - switch ($action) { - case 'delete': - if (permission_exists('access_control_node_delete')) { - $obj = new access_controls; - $obj->delete_nodes($access_control_nodes); - } - break; - } - } - - //redirect - header('Location: access_control_edit.php?id='.urlencode($access_control_uuid)); - exit; - } - -//add multi-lingual support - $language = new text; - $text = $language->get(); - -//get variables used to control the order - $order_by = $_GET["order_by"]; - $order = $_GET["order"]; - -//prepare to page the results - $sql = "select count(*) from v_access_control_nodes "; - $sql .= "where access_control_uuid = :access_control_uuid "; - $parameters['access_control_uuid'] = $access_control_uuid; - $database = new database; - $num_rows = $database->select($sql, $parameters, 'column'); - -//prepare to page the results - $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? 
$_SESSION['domain']['paging']['numeric'] : 50; - $param = "&id=".escape($access_control_uuid); - if (isset($_GET['page'])) { - $page = $_GET['page']; - if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; } - list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page); - $offset = $rows_per_page * $page; - } - -//get the list - $sql = "select * from v_access_control_nodes "; - $sql .= "where access_control_uuid = :access_control_uuid "; - $sql .= order_by($order_by, $order); - $sql .= limit_offset($rows_per_page, $offset); - $parameters['access_control_uuid'] = $access_control_uuid; - $database = new database; - $access_control_nodes = $database->select($sql, $parameters); - -//create token - $object = new token; - $token = $object->create('/app/access_controls/access_control_nodes.php'); - -//show the content - echo "
\n"; - echo "\n"; - echo "\n"; - - echo "
\n"; - echo "
".$text['title-access_control_nodes']." (".$num_rows.")
\n"; - echo "
\n"; - echo button::create(['type'=>'button','id'=>'action_bar_sub_button_back','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'collapse'=>'hide-xs','style'=>'margin-right: 15px; display: none;','link'=>'access_controls.php']); - if (permission_exists('access_control_node_add')) { - echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'id'=>'btn_add','collapse'=>'hide-xs','link'=>'access_control_node_edit.php?access_control_uuid='.urlencode($_GET['id'])]); - } - if (permission_exists('access_control_node_delete') && $access_control_nodes) { - echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'name'=>'btn_delete','collapse'=>'hide-xs','onclick'=>"modal_open('modal-delete-access-control-node','btn_delete_access_control_node');"]); - } - echo "
\n"; - echo "
\n"; - echo "
\n"; - - if (permission_exists('access_control_node_delete') && $access_control_nodes) { - echo modal::create(['id'=>'modal-delete-access-control-node','type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete_access_control_node','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); list_form_submit('form_list');"])]); - } - - echo "\n"; - echo "\n"; - if (permission_exists('access_control_node_delete')) { - echo " \n"; - } - echo th_order_by('node_type', $text['label-node_type'], $order_by, $order); - echo th_order_by('node_cidr', $text['label-node_cidr'], $order_by, $order); - echo th_order_by('node_domain', $text['label-node_domain'], $order_by, $order); - echo th_order_by('node_description', $text['label-node_description'], $order_by, $order, null, "class='hide-sm-dn'"); - if (permission_exists('access_control_node_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { - echo " \n"; - } - echo "\n"; - - if (is_array($access_control_nodes) && @sizeof($access_control_nodes) != 0) { - $x = 0; - foreach ($access_control_nodes as $row) { - if (permission_exists('access_control_node_edit')) { - $list_row_url = 'access_control_node_edit.php?access_control_uuid='.urlencode($row['access_control_uuid'])."&id=".urlencode($row['access_control_node_uuid']); - } - echo "\n"; - if (permission_exists('access_control_node_delete')) { - echo " \n"; - } - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - if (permission_exists('access_control_node_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { - echo " \n"; - } - echo "\n"; - $x++; - } - unset($access_control_nodes); - } - - echo "
\n"; - echo " \n"; - echo "  
\n"; - echo " \n"; - echo " \n"; - echo " ".escape($row['node_type'])." \n"; - if (permission_exists('access_control_node_edit')) { - echo " ".escape($row['node_cidr'])."\n"; - } - else { - echo " ".escape($row['node_cidr']); - } - echo " ".escape($row['node_domain'])." ".escape($row['node_description'])." \n"; - echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]); - echo "
\n"; - echo "
\n"; - - echo "\n"; - echo "
\n"; - -//make sub action bar sticky - echo "\n"; - -//include the footer - require_once "resources/footer.php"; - -?> \ No newline at end of file diff --git a/app/access_controls/access_controls.php b/app/access_controls/access_controls.php index 9784ab4449..e5b3fceb07 100644 --- a/app/access_controls/access_controls.php +++ b/app/access_controls/access_controls.php @@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2018 + Portions created by the Initial Developer are Copyright (C) 2018 - 2020 the Initial Developer. All Rights Reserved. Contributor(s): @@ -28,18 +28,21 @@ require_once "root.php"; require_once "resources/require.php"; require_once "resources/check_auth.php"; - require_once "resources/paging.php"; //check permissions - if (!permission_exists('access_control_view')) { - echo "access denied"; exit; + if (permission_exists('access_control_view')) { + //access granted + } + else { + echo "access denied"; + exit; } //add multi-lingual support $language = new text; $text = $language->get(); -//get posted data +//get the http post data if (is_array($_POST['access_controls'])) { $action = $_POST['action']; $search = $_POST['search']; 
@@ -48,60 +51,89 @@ //process the http post data by action if ($action != '' && is_array($access_controls) && @sizeof($access_controls) != 0) { + + //validate the token + $token = new token; + if (!$token->validate($_SERVER['PHP_SELF'])) { + message::add($text['message-invalid_token'],'negative'); + header('Location: access_controls.php'); + exit; + } + + //prepare the array + foreach($access_controls as $row) { + $array['access_controls'][$x]['checked'] = $row['checked']; + $array['access_controls'][$x]['access_control_uuid'] = $row['access_control_uuid']; + $x++; + } + + //prepare the database object + $database = new database; + $database->app_name = 'access_controls'; + $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd'; + + //send the array to the database class switch ($action) { case 'copy': if (permission_exists('access_control_add')) { - $obj = new access_controls; - $obj->copy($access_controls); + $database->copy($array); + } + break; + case 'toggle': + if (permission_exists('access_control_edit')) { + $database->toggle($array); } break; case 'delete': if (permission_exists('access_control_delete')) { - $obj = new access_controls; - $obj->delete($access_controls); + $database->delete($array); } break; } + //redirect the user header('Location: access_controls.php'.($search != '' ? 
'?search='.urlencode($search) : null)); exit; } -//get variables used to control the order +//get order and order by $order_by = $_GET["order_by"]; $order = $_GET["order"]; -//add the search term - $search = strtolower($_GET["search"]); - if (strlen($search) > 0) { - $sql_search = " ("; - $sql_search .= "lower(access_control_name) like :search "; - $sql_search .= "or lower(access_control_default) like :search "; - $sql_search .= "or lower(access_control_description) like :search "; - $sql_search .= ") "; +//add the search + if (isset($_GET["search"])) { + $search = strtolower($_GET["search"]); $parameters['search'] = '%'.$search.'%'; } -//prepare to page the results - $sql = "select count(*) from v_access_controls "; - if (isset($sql_search)) { - $sql .= "where ".$sql_search; +//get the count + $sql = "select count(access_control_uuid) "; + $sql .= "from v_access_controls "; + if (isset($_GET["search"])) { + $sql .= "where ("; + $sql .= " lower(access_control_name) like :search "; + $sql .= " or lower(access_control_default) like :search "; + $sql .= " or lower(access_control_description) like :search "; + $sql .= ") "; } $database = new database; $num_rows = $database->select($sql, $parameters, 'column'); -//prepare to page the results - $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? 
$_SESSION['domain']['paging']['numeric'] : 50; - $param = "&search=".$search; - $page = $_GET['page']; - if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; } - list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page); - list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true); - $offset = $rows_per_page * $page; - //get the list - $sql = str_replace('count(*)', '*', $sql); - $sql .= order_by($order_by, $order); + $sql = "select "; + $sql .= "access_control_uuid, "; + $sql .= "access_control_name, "; + $sql .= "access_control_default, "; + $sql .= "access_control_description "; + $sql .= "from v_access_controls "; + if (isset($_GET["search"])) { + $sql .= "where ("; + $sql .= " lower(access_control_name) like :search "; + $sql .= " or lower(access_control_default) like :search "; + $sql .= " or lower(access_control_description) like :search "; + $sql .= ") "; + } + $sql .= order_by($order_by, $order, 'access_control_name', 'asc'); $sql .= limit_offset($rows_per_page, $offset); $database = new database; $access_controls = $database->select($sql, $parameters, 'all'); @@ -111,7 +143,7 @@ $object = new token; $token = $object->create($_SERVER['PHP_SELF']); -//include the header +//additional includes $document['title'] = $text['title-access_controls']; require_once "resources/header.php"; @@ -120,20 +152,20 @@ echo "
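Review bot: `$sql .= limit_offset($rows_per_page, $offset);` survives as a context line, but the removed block just above it was the only visible place that set `$rows_per_page`, `$offset` and `$paging_controls` (through `paging()`), and hunk @@ -28,18 +28,21 drops `require_once "resources/paging.php"` as well; unless these are now assigned somewhere outside this hunk, the list query runs with both values undefined and any paging controls echoed later in the file are empty. If paging is meant to stay, restore a reduced form of the block together with the require, and take the chance to accept `$_GET['page']` only when it is numeric (the old `strlen` check let a non-numeric page reach the multiplication) and to urlencode the search term that goes into `$param`. Separately, `$x` in the array-preparation foreach is read before it is ever assigned; `$x = 0;` before the loop matches the equivalent loop in access_control_edit.php from the same commit.
```php
	// … unchanged: count query, $num_rows …

//prepare to page the results
	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
	$param = isset($_GET["search"]) ? "&search=".urlencode($search) : '';
	$page = (isset($_GET['page']) && is_numeric($_GET['page'])) ? (int) $_GET['page'] : 0;
	list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);
	$offset = $rows_per_page * $page;

	// … unchanged: list select with order_by / limit_offset …
```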
".$text['title-access_controls']." (".$num_rows.")
\n"; echo "
\n"; if (permission_exists('access_control_add')) { - echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'id'=>'btn_add','link'=>'access_control_edit.php']); + echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'id'=>'btn_add','name'=>'btn_add','link'=>'access_control_edit.php']); } if (permission_exists('access_control_add') && $access_controls) { - echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'name'=>'btn_copy','onclick'=>"modal_open('modal-copy','btn_copy');"]); + echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'id'=>'btn_copy','name'=>'btn_copy','style'=>'display:none;','onclick'=>"modal_open('modal-copy','btn_copy');"]); } if (permission_exists('access_control_delete') && $access_controls) { - echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'name'=>'btn_delete','onclick'=>"modal_open('modal-delete','btn_delete');"]); + echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'id'=>'btn_delete','name'=>'btn_delete','style'=>'display:none;','onclick'=>"modal_open('modal-delete','btn_delete');"]); } echo "\n"; echo "
\n"; @@ -147,7 +179,7 @@ echo modal::create(['id'=>'modal-delete','type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); list_form_submit('form_list');"])]); } - echo $text['description-access_control']."\n"; + echo $text['description-access_controls']."\n"; echo "
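Review bot: The action-bar delete button now carries `'id'=>'btn_delete'`, yet the continue button inside `modal-delete` (a context line of hunk @@ -147,7 +179,7) already uses the same id, so the rendered page has two elements with id btn_delete. If the script that toggles the new `'style'=>'display:none;'` buttons, or `modal_open('modal-delete','btn_delete')`, resolves the button by id, which of the two it gets is unspecified. Give the modal's continue button a distinct id, e.g. `'id'=>'btn_delete_confirm'`, or drop the id there if nothing references it. The copy modal is outside this hunk and presumably has the same pattern with btn_copy — worth checking at the same time.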

\n"; echo "
\n"; @@ -156,37 +188,44 @@ echo "\n"; echo "\n"; - if (permission_exists('access_control_add') || permission_exists('access_control_delete')) { + if (permission_exists('access_control_add') || permission_exists('access_control_edit') || permission_exists('access_control_delete')) { echo " \n"; } echo th_order_by('access_control_name', $text['label-access_control_name'], $order_by, $order); echo th_order_by('access_control_default', $text['label-access_control_default'], $order_by, $order); - echo th_order_by('access_control_description', $text['label-access_control_description'], $order_by, $order, null, "class='hide-xs'"); + echo " \n"; if (permission_exists('access_control_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { echo " \n"; } echo "\n"; - if (is_array($access_controls)) { + if (is_array($access_controls) && @sizeof($access_controls) != 0) { $x = 0; - foreach($access_controls as $row) { + foreach ($access_controls as $row) { if (permission_exists('access_control_edit')) { $list_row_url = "access_control_edit.php?id=".urlencode($row['access_control_uuid']); } echo "\n"; - if (permission_exists('access_control_add') || permission_exists('access_control_delete')) { + if (permission_exists('access_control_add') || permission_exists('access_control_edit') || permission_exists('access_control_delete')) { echo " \n"; } - echo " \n"; + echo " \n"; echo " \n"; - echo " \n"; + echo " \n"; if (permission_exists('access_control_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { - echo " \n"; } diff --git a/app/access_controls/app_languages.php b/app/access_controls/app_languages.php index f8e868b695..7392d7be2c 100644 --- a/app/access_controls/app_languages.php +++ b/app/access_controls/app_languages.php 
@@ -85,6 +85,27 @@ $text['title-access_control']['ru-ru'] = "Управление доступом" $text['title-access_control']['sv-se'] = "Åtkomstkontroll"; $text['title-access_control']['uk-ua'] = "Управління доступом"; +$text['description-access_controls']['en-us'] = "Access control list can allow or deny ranges of IP addresses."; +$text['description-access_controls']['en-gb'] = "Access control list can allow or deny ranges of IP addresses."; +$text['description-access_controls']['ar-eg'] = "قائمة التحكم بالوصول يمكن السماح أو الرفض نطاقات العناوين."; +$text['description-access_controls']['de-at'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen."; //copied from de-de +$text['description-access_controls']['de-ch'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen."; //copied from de-de +$text['description-access_controls']['de-de'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen."; +$text['description-access_controls']['es-cl'] = " Lista de control de acceso puede permitir o denegar los rangos de direcciones IP."; +$text['description-access_controls']['es-mx'] = " Lista de control de acceso puede permitir o denegar los rangos de direcciones IP."; //copied from es-cl +$text['description-access_controls']['fr-ca'] = " Liste de contrôle d'accès peut autoriser ou refuser des plages d'adresses IP."; //copied from fr-fr +$text['description-access_controls']['fr-fr'] = " Liste de contrôle d'accès peut autoriser ou refuser des plages d'adresses IP."; +$text['description-access_controls']['he-il'] = " רשימת בקרת גישה יכולה לאפשר או למנוע טווחים של כתובות IP."; +$text['description-access_controls']['it-it'] = "Le liste per il controllo di accesso permettono o negano l'accesso a range di IP."; +$text['description-access_controls']['nl-nl'] = "Toegang Controle lijst kan IP adres reeks toestaan of verbieden."; +$text['description-access_controls']['pl-pl'] = "Lista kontroli dostępu może 
umożliwić lub zablokować zakresy adresów IP."; +$text['description-access_controls']['pt-br'] = "Lista de controle de acesso pode permitir ou negar intervalos de endereços IP."; //copied from pt-pt +$text['description-access_controls']['pt-pt'] = "Lista de controle de acesso pode permitir ou negar intervalos de endereços IP."; +$text['description-access_controls']['ro-ro'] = "Lista de control al accesului poate permite sau refuza intervale de adrese IP."; +$text['description-access_controls']['ru-ru'] = "Контроль доступа может разрешить или запретить диапазоны IP адресов."; +$text['description-access_controls']['sv-se'] = "Åtkomstkontrollista kan tillåta eller neka intervall av IP-adresser."; +$text['description-access_controls']['uk-ua'] = "Список контролю доступу може дозволити або заборонити діапазони IP-адрес."; + $text['label-node_type']['en-us'] = "Type"; $text['label-node_type']['en-gb'] = "Type"; $text['label-node_type']['ar-eg'] = "اكتب"; 
@@ -419,27 +440,6 @@ $text['description-access_control_default']['pt-pt'] = "Selecione o tipo de padr $text['description-access_control_default']['ro-ro'] = "Selectați tipul implicit."; $text['description-access_control_default']['ru-ru'] = "Выберите тип по умолчанию."; $text['description-access_control_default']['sv-se'] = "Välj standardtypen."; -$text['description-access_control_default']['uk-ua'] = "Вибір типу за замовчуванням."; +$text['description-access_control_default']['uk-ua'] = "Вибір типу за замовчуванням.";= -$text['description-access_control']['en-us'] = "Access control list can allow or deny ranges of IP addresses."; -$text['description-access_control']['en-gb'] = "Access control list can allow or deny ranges of IP addresses."; -$text['description-access_control']['ar-eg'] = "قائمة التحكم بالوصول يمكن السماح أو الرفض نطاقات العناوين."; -$text['description-access_control']['de-at'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen."; //copied from de-de -$text['description-access_control']['de-ch'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen."; //copied from de-de -$text['description-access_control']['de-de'] = " Die Zugriffskontrollliste kann Bereiche von IP Adressen zulassen oder ablehnen."; -$text['description-access_control']['es-cl'] = " Lista de control de acceso puede permitir o denegar los rangos de direcciones IP."; -$text['description-access_control']['es-mx'] = " Lista de control de acceso puede permitir o denegar los rangos de direcciones IP."; //copied from es-cl -$text['description-access_control']['fr-ca'] = " Liste de contrôle d'accès peut autoriser ou refuser des plages d'adresses IP."; //copied from fr-fr -$text['description-access_control']['fr-fr'] = " Liste de contrôle d'accès peut autoriser ou refuser des plages d'adresses IP."; -$text['description-access_control']['he-il'] = " רשימת בקרת גישה יכולה לאפשר או למנוע טווחים של כתובות IP."; 
-$text['description-access_control']['it-it'] = "Le liste per il controllo di accesso permettono o negano l'accesso a range di IP."; -$text['description-access_control']['nl-nl'] = "Toegang Controle lijst kan IP adres reeks toestaan of verbieden."; -$text['description-access_control']['pl-pl'] = "Lista kontroli dostępu może umożliwić lub zablokować zakresy adresów IP."; -$text['description-access_control']['pt-br'] = "Lista de controle de acesso pode permitir ou negar intervalos de endereços IP."; //copied from pt-pt -$text['description-access_control']['pt-pt'] = "Lista de controle de acesso pode permitir ou negar intervalos de endereços IP."; -$text['description-access_control']['ro-ro'] = "Lista de control al accesului poate permite sau refuza intervale de adrese IP."; -$text['description-access_control']['ru-ru'] = "Контроль доступа может разрешить или запретить диапазоны IP адресов."; -$text['description-access_control']['sv-se'] = "Åtkomstkontrollista kan tillåta eller neka intervall av IP-adresser."; -$text['description-access_control']['uk-ua'] = "Список контролю доступу може дозволити або заборонити діапазони IP-адрес."; - -?> +?> \ No newline at end of file
\n"; - echo " \n"; + echo " \n"; echo " ".$text['label-access_control_description']." 
\n"; - echo " \n"; - echo " \n"; + echo " \n"; + echo " \n"; echo " ".escape($row['access_control_name'])."\n"; + if (permission_exists('access_control_edit')) { + echo " ".escape($row['access_control_name'])."\n"; + } + else { + echo " ".escape($row['access_control_name']); + } + echo " ".escape($row['access_control_default'])."".escape($row['access_control_description'])."".escape($row['access_control_description']).""; + echo " \n"; echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]); echo "