Portions created by the Initial Developer are Copyright (C) 2018-2024 the Initial Developer. All Rights Reserved. */ //includes files require_once dirname(__DIR__, 2) . "/resources/require.php"; require_once "resources/check_auth.php"; //check permissions if (permission_exists('access_control_add') || permission_exists('access_control_edit')) { //access granted } else { echo "access denied"; exit; } //add multi-lingual support $language = new text; $text = $language->get(); //create the database connection $database = database::new(); //action add or update if (!empty($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) { $action = "update"; $access_control_uuid = $_REQUEST["id"]; $id = $_REQUEST["id"]; } else { $action = "add"; $access_control_uuid = uuid(); } //get http post variables and set them to php variables if (is_array($_POST) && @sizeof($_POST) != 0) { $access_control_name = $_POST["access_control_name"]; $access_control_default = $_POST["access_control_default"]; $access_control_nodes = $_POST["access_control_nodes"]; $access_control_description = $_POST["access_control_description"]; } //process the user data and save it to the database if (count($_POST) > 0 && empty($_POST["persistformvar"])) { //enforce valid data if ($access_control_name == 'providers' || $access_control_name == 'domains') { $access_control_default = 'deny'; } if ($access_control_default != 'allow' && $access_control_default != 'deny') { $access_control_default = 'deny'; } //validate the token $token = new token; if (!$token->validate($_SERVER['PHP_SELF'])) { message::add($text['message-invalid_token'],'negative'); header('Location: access_controls.php'); exit; } //process the http post data by submitted action if (!empty($_POST['action'])) { //prepare the array(s) $x = 0; foreach ($_POST['access_control_nodes'] as $row) { if (is_uuid($row['access_control_uuid']) && $row['checked'] === 'true') { $array['access_controls'][$x]['checked'] = $row['checked']; $array['access_controls'][$x]['access_control_nodes'][]['access_control_node_uuid'] = $row['access_control_node_uuid']; $x++; } } //send the array to the database class switch ($_POST['action']) { case 'copy': if (permission_exists('access_control_add')) { $database->copy($array); } break; case 'delete': if (permission_exists('access_control_delete')) { $database->delete($array); } break; case 'toggle': if (permission_exists('access_control_update')) { $database->toggle($array); } break; } //clear the cache, reloadacl and redirect the user if (in_array($_POST['action'], array('copy', 'delete', 'toggle'))) { //clear the cache $cache = new cache; $cache->delete("configuration:acl.conf"); //create the event socket connection event_socket::api("reloadacl"); //redirect the user header('Location: access_control_edit.php?id='.$id); exit; } } //check for all required data $msg = ''; if (empty($access_control_name)) { $msg .= $text['message-required']." ".$text['label-access_control_name']."
\n"; } if (empty($access_control_default)) { $msg .= $text['message-required']." ".$text['label-access_control_default']."
\n"; } //if (empty($access_control_nodes)) { $msg .= $text['message-required']." ".$text['label-access_control_nodes']."
\n"; } //if (empty($access_control_description)) { $msg .= $text['message-required']." ".$text['label-access_control_description']."
\n"; } if (!empty($msg) && empty($_POST["persistformvar"])) { require_once "resources/header.php"; require_once "resources/persist_form_var.php"; echo "
\n"; echo "
\n"; echo $msg."
"; echo "
\n"; persistformvar($_POST); echo "
\n"; require_once "resources/footer.php"; return; } //prepare the array $array['access_controls'][0]['access_control_uuid'] = $access_control_uuid; $array['access_controls'][0]['access_control_name'] = $access_control_name; $array['access_controls'][0]['access_control_default'] = $access_control_default; $array['access_controls'][0]['access_control_description'] = $access_control_description; $y = 0; if (!empty($access_control_nodes) && is_array($access_control_nodes)) { foreach ($access_control_nodes as $row) { //validate the data if (!is_uuid($row["access_control_node_uuid"])) { continue; } if ($row["node_type"] != 'allow' && $row["node_type"] != 'deny') { continue; } if (isset($row["node_cidr"]) && $row["node_cidr"] != '') { $cidr_array = explode("/", str_replace("\\", "/", $row["node_cidr"])); if (filter_var($cidr_array[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { if (isset($cidr_array[1]) && is_numeric($cidr_array[1])) { //valid IPv4 address and cidr notation $node_cidr = $row["node_cidr"]; } else { //valid IPv4 address add the missing cidr notation $node_cidr = $row["node_cidr"].'/32'; } } else if(filter_var($cidr_array[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { //valid IPv6 address $node_cidr = $row["node_cidr"]; } //build the sub array if (!empty($node_cidr)) { $array['access_controls'][0]['access_control_nodes'][$y]['access_control_node_uuid'] = $row["access_control_node_uuid"]; $array['access_controls'][0]['access_control_nodes'][$y]['node_type'] = $row["node_type"]; $array['access_controls'][0]['access_control_nodes'][$y]['node_cidr'] = $node_cidr; $array['access_controls'][0]['access_control_nodes'][$y]['node_description'] = $row["node_description"]; $y++; //unset values unset($cidr_array, $node_cidr); } //digs to attempt else { $digs[] = [ 'type'=>$row['node_type'], 'value'=>$row['node_cidr'], 'description'=>$row['node_description'], ]; } } } //attempt digs if (!empty($digs) && is_array($digs)) { foreach ($digs as $dig) { $response = shell_exec("dig +noall +answer ".escapeshellarg(str_replace(' ', '', $dig['value']))." | awk '{ print $5 }'"); if (!empty($response)) { $lines = explode("\n", $response); foreach ($lines as $l => $line) { if (!empty($line) && filter_var($line, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { //check for duplicate if (!empty($array['access_controls'][0]['access_control_nodes']) && is_array($array['access_controls'][0]['access_control_nodes'])) { foreach ($array['access_controls'][0]['access_control_nodes'] as $n => $node) { if ($node['node_cidr'] == $line.'/32') { continue 2; } } } //add to array $array['access_controls'][0]['access_control_nodes'][$y]['access_control_node_uuid'] = uuid(); $array['access_controls'][0]['access_control_nodes'][$y]['node_type'] = $dig['type']; $array['access_controls'][0]['access_control_nodes'][$y]['node_cidr'] = $line.'/32'; $array['access_controls'][0]['access_control_nodes'][$y]['node_description'] = !empty($dig['description']) ? $dig['description'] : str_replace(' ', '', $dig['value']); $y++; } } } } } } //save the data if (is_array($array)) { $database->app_name = 'access controls'; $database->app_uuid = '1416a250-f6e1-4edc-91a6-5c9b883638fd'; $database->save($array); } //clear the cache $cache = new cache; $cache->delete("configuration:acl.conf"); //create the event socket connection event_socket::async("reloadacl"); //redirect the user if (isset($action)) { if ($action == "add") { $_SESSION["message"] = $text['message-add']; } if ($action == "update") { $_SESSION["message"] = $text['message-update']; } //header('Location: access_controls.php'); header('Location: access_control_edit.php?id='.urlencode($access_control_uuid)); return; } } //set default values $access_control_name = ''; $access_control_default = ''; $access_control_description = ''; //pre-populate the form if (!empty($access_control_uuid) && is_uuid($access_control_uuid) && empty($_POST["persistformvar"])) { $sql = "select * from v_access_controls "; $sql .= "where access_control_uuid = :access_control_uuid "; $parameters['access_control_uuid'] = $access_control_uuid; $row = $database->select($sql, $parameters, 'row'); if (!empty($row) && count($row) > 0) { $access_control_name = $row["access_control_name"]; $access_control_default = $row["access_control_default"]; $access_control_description = $row["access_control_description"]; } unset($sql, $parameters, $row); } //get the child data if (!empty($access_control_uuid) && is_uuid($access_control_uuid)) { $sql = "select * from v_access_control_nodes "; $sql .= "where access_control_uuid = :access_control_uuid "; $sql .= "order by node_cidr asc"; $parameters['access_control_uuid'] = $access_control_uuid; $access_control_nodes = $database->select($sql, $parameters, 'all'); unset ($sql, $parameters); } //add the $access_control_node_uuid if (empty($access_control_node_uuid)) { $access_control_node_uuid = uuid(); } //add an empty row if (!empty($access_control_nodes) && count($access_control_nodes) > 0) { $x = count($access_control_nodes); } else { $access_control_nodes = array(); $x = 0; } $access_control_nodes[$x]['access_control_uuid'] = $access_control_uuid ?? ''; $access_control_nodes[$x]['access_control_node_uuid'] = uuid(); $access_control_nodes[$x]['node_type'] = ''; $access_control_nodes[$x]['node_cidr'] = ''; $access_control_nodes[$x]['node_description'] = ''; //create token $object = new token; $token = $object->create($_SERVER['PHP_SELF']); //show the header $document['title'] = $text['title-access_control']; require_once "resources/header.php"; //show the content echo "
\n"; echo "\n"; echo "
\n"; echo "
".$text['title-access_control']."
\n"; echo "
\n"; echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'id'=>'btn_back','collapse'=>'hide-xs','style'=>'margin-right: 15px;','link'=>'access_controls.php']); if ($action == 'update') { if (permission_exists('access_control_node_add')) { echo button::create(['type'=>'button','label'=>$text['button-import'],'icon'=>$_SESSION['theme']['button_icon_import'],'style'=>'margin-right: 3px;','link'=>'access_control_import.php?id='.escape($access_control_uuid)]); } if (permission_exists('access_control_node_view')) { echo button::create(['type'=>'button','label'=>$text['button-export'],'icon'=>$_SESSION['theme']['button_icon_export'],'style'=>'margin-right: 3px;','link'=>'access_control_export.php?id='.escape($access_control_uuid)]); } if (permission_exists('access_control_node_add')) { echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'id'=>'btn_copy','name'=>'btn_copy','style'=>'display: none;','onclick'=>"modal_open('modal-copy','btn_copy');"]); } if (permission_exists('access_control_node_delete')) { echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'id'=>'btn_delete','name'=>'btn_delete','style'=>'display: none; margin-right: 15px;','onclick'=>"modal_open('modal-delete','btn_delete');"]); } } echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save'],'id'=>'btn_save','collapse'=>'hide-xs']); echo "
\n"; echo "
\n"; echo "
\n"; echo $text['title_description-access_controls']."\n"; echo "

\n"; if ($action == 'update') { if (permission_exists('access_control_add')) { echo modal::create(['id'=>'modal-copy','type'=>'copy','actions'=>button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_copy','style'=>'float: right; margin-left: 15px;','collapse'=>'never','name'=>'action','value'=>'copy','onclick'=>"modal_close();"])]); } if (permission_exists('access_control_delete')) { echo modal::create(['id'=>'modal-delete','type'=>'delete','actions'=>button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','name'=>'action','value'=>'delete','onclick'=>"modal_close();"])]); } } if ($action == 'update') { if (permission_exists('access_control_add')) { echo modal::create(['id'=>'modal-copy','type'=>'copy','actions'=>button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_copy','style'=>'float: right; margin-left: 15px;','collapse'=>'never','name'=>'action','value'=>'copy','onclick'=>"modal_close();"])]); } if (permission_exists('access_control_delete')) { echo modal::create(['id'=>'modal-delete','type'=>'delete','actions'=>button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','name'=>'action','value'=>'delete','onclick'=>"modal_close();"])]); } } echo "
\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "
\n"; echo " ".$text['label-access_control_name']."\n"; echo "\n"; echo " \n"; echo "
\n"; echo $text['description-access_control_name']."\n"; echo "
\n"; echo " ".$text['label-access_control_default']."\n"; echo "\n"; echo " \n"; echo "
\n"; echo $text['description-access_control_default']."\n"; echo "
\n"; echo " ".$text['label-access_control_nodes']."\n"; echo "\n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; if (is_array($access_control_nodes) && @sizeof($access_control_nodes) > 1 && permission_exists('access_control_node_delete')) { echo " \n"; } echo " \n"; $x = 0; foreach($access_control_nodes as $row) { echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; if (is_array($access_control_nodes) && @sizeof($access_control_nodes) > 1 && permission_exists('access_control_node_delete')) { if (is_uuid($row['access_control_node_uuid'])) { echo " \n"; } else { echo " \n"; } } echo " \n"; $x++; } echo "
".$text['label-node_type']."".$text['label-node_cidr']."".$text['label-node_description']."\n"; echo " ".$text['label-action']."\n"; echo " \n"; echo "
\n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; echo "
\n"; echo $text['description-node_description']."\n"; echo "
\n"; echo " ".$text['label-access_control_description']."\n"; echo "\n"; echo " \n"; echo "
\n"; echo $text['description-access_control_description']."\n"; echo "
"; echo "
"; echo "

"; echo "\n"; echo "
"; //include the footer require_once "resources/footer.php"; ?>