PageRenderTime 50ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 0ms

/var/www/html/site/admin/manageFolderEditSubmit.php

https://gitlab.com/Rodrigj98/phpipam
PHP | 143 lines | 90 code | 24 blank | 29 comment | 31 complexity | 3df5d46371d9e3827d957224c782f4d0 MD5 | raw file
Possible License(s): LGPL-2.1 
    

  1. <?php
    2. 

  2. 

  3. /** 
    4. 

  4.  * Function to add / edit / delete section
    5. 

  5.  ********************************************/
    6. 

  6. 

  7. /* required functions */
    8. 

  8. require_once('../../functions/functions.php');
    9. 

  9. 

  10. /* verify that user is logged in */
    11. 

  11. isUserAuthenticated(true);
    12. 

  12. 

  13. /* filter input */
    14. 

  14. $_POST = filter_user_input($_POST, true, true, false);
    15. 

  15. $_POST['action'] = filter_user_input($_POST['action'], false, false, true);
    16. 

  16. 

  17. /* must be numeric */
    18. 

  18. if($_POST['action']!="add") {
    19. 

  19. 	if(!is_numeric($_POST['subnetId']))		{ die('<div class="alert alert-danger">'._("Invalid ID").'</div>'); }
    20. 

  20. }
    21. 

  21. 

  22. /* verify that user has permissions if add */
    23. 

  23. if($_POST['action'] == "add") {
    24. 

  24. 	$sectionPerm = checkSectionPermission ($_POST['sectionId']);
    25. 

  25. 	if($sectionPerm != 3) {
    26. 

  26. 		die("<div class='alert alert alert-danger'>"._('You do not have permissions to add new subnet in this section')."!</div>");
    27. 

  27. 	}
    28. 

  28. }
    29. 

  29. /* otherwise check subnet permission */
    30. 

  30. else {
    31. 

  31. 	$subnetPerm = checkSubnetPermission ($_POST['subnetId']);
    32. 

  32. 	if($subnetPerm != 3) {
    33. 

  33. 		die("<div class='alert alert alert-danger'>"._('You do not have permissions to add edit/delete this subnet')."!</div>");
    34. 

  34. 	}	
    35. 

  35. }
    36. 

  36. 

  37. /* verify post */
    38. 

  38. CheckReferrer();
    39. 

  39. 

  40. /* get all settings */
    41. 

  41. $settings = getAllSettings();
    42. 

  42. 

  43. /* get section details */
    44. 

  44. $section = getSectionDetailsById($_POST['sectionId']);
    45. 

  45. 

  46. //custom
    47. 

  47. $myFields = getCustomFields('subnets');
    48. 

  48. if(sizeof($myFields) > 0) {
    49. 

  49. 	foreach($myFields as $myField) {
    50. 

  50. 		# replace possible ___ back to spaces!
    51. 

  51. 		$myField['nameTest']      = str_replace(" ", "___", $myField['name']);
    52. 

  52. 		
    53. 

  53. 		if(isset($_POST[$myField['nameTest']])) { $_POST[$myField['name']] = $_POST[$myField['nameTest']];}
    54. 

  54. 	}
    55. 

  55. }
    56. 

  56. 

  57. 

  58. //we need old values for mailing
    59. 

  59. if($_POST['action']=="edit" || $_POST['action']=="delete") {
    60. 

  60. 	$old = getSubnetDetailsById($_POST['subnetId']);
    61. 

  61. }
    62. 

  62. $new = $_POST;
    63. 

  63. unset ($new['subnet'],$new['allowRequests'],$new['showName'],$new['pingSubnet'],$new['discoverSubnet']);
    64. 

  64. unset ($old['subnet'],$old['allowRequests'],$old['showName'],$old['pingSubnet'],$old['discoverSubnet']);
    65. 

  65. 

  66. 

  67. /* sanitize description */
    68. 

  68. $_POST['description'] = htmlentities($_POST['description'], ENT_COMPAT | ENT_HTML401, "UTF-8");	//prevent XSS
    69. 

  69. 

  70. /* Set permissions for add! */
    71. 

  71. if($_POST['action'] == "add") {
    72. 

  72. 	# root
    73. 

  73. 	if($_POST['masterSubnetId'] == 0) {
    74. 

  74. 		$_POST['permissions'] = $section['permissions'];
    75. 

  75. 	}
    76. 

  76. 	# nested - inherit parent permissions
    77. 

  77. 	else {
    78. 

  78. 		# get parent
    79. 

  79. 		$parent = getSubnetDetailsById($_POST['masterSubnetId']);
    80. 

  80. 		$_POST['permissions'] = $parent['permissions'];
    81. 

  81. 	}
    82. 

  82. }
    83. 

  83. 

  84. # check for name length - 2 is minimum!
    85. 

  85. if(strlen($_POST['description'])<2 && $_POST['action']!="delete") {
    86. 

  86. 	die("<div class='alert alert alert-danger'>"._('Folder name must have at least 2 characters')."!</div>");
    87. 

  87. }
    88. 

  88. 

  89. # set folder flag!
    90. 

  90. $_POST['isFolder'] = true;
    91. 

  91. 

  92. 

  93. # failed
    94. 

  94. if ($_POST['action']=="delete" && !isset($_POST['deleteconfirm'])) {
    95. 

  95. 	# for ajax to prevent reload
    96. 

  96. 	print "<div style='display:none'>alert alert-danger</div>";
    97. 

  97. 	# result
    98. 

  98. 	print "<div class='alert alert-warning'>";
    99. 

  99. 	# print what will be deleted
    100. 

  100. 	getAllSlaves($_POST['subnetId'], false);
    101. 

  101. 	$removeSlaves = array_unique($removeSlaves);
    102. 

  102. 	# check if folder?
    103. 

  103. 	$foldercnt = 0;
    104. 

  104. 	$subnetcnt = 0;
    105. 

  105. 	foreach($removeSlaves as $s) {
    106. 

  106. 		$f=getSubnetDetailsById($s);
    107. 

  107. 		if($f['isFolder']==1)	$foldercnt++;
    108. 

  108. 		else					$subnetcnt++;
    109. 

  109. 	}
    110. 

  110. 	$ipcnt  = countAllSlaveIPAddresses($_POST['subnetId']);
    111. 

  111. 	print "<strong>"._("Warning")."</strong>: "._("I will delete").":<ul>";
    112. 

  112. 	print "	<li>$foldercnt "._("folders")."</li>";
    113. 

  113. 	if($subnetcnt>0) {
    114. 

  114. 	print "	<li>$subnetcnt "._("subnets")."</li>";
    115. 

  115. 	}
    116. 

  116. 	if($ipcnt>0) {
    117. 

  117. 	print "	<li>$ipcnt "._("IP addresses")."</li>";
    118. 

  118. 	}
    119. 

  119. 	print "</ul>";
    120. 

  120. 	
    121. 

  121. 	print "<hr><div style='text-align:right'>";
    122. 

  122. 	print _("Are you sure you want to delete above items?")." ";
    123. 

  123. 	print "<div class='btn-group'>";
    124. 

  124. 	print "	<a class='btn btn-sm btn-danger editFolderSubmitDelete' id='editFolderSubmitDelete' data-subnetId='".$_POST['subnetId']."'>"._("Confirm")."</a>";
    125. 

  125. 	print "</div>";
    126. 

  126. 	print "</div>";
    127. 

  127. 	print "</div>";
    128. 

  128. }
    129. 

  129. else {
    130. 

  130. 		if (!modifySubnetDetails ($_POST)) 		{ print '<div class="alert alert alert-danger">'._('Error adding new folder').'!</div>'; }
    131. 

  131. 	# all good
    132. 

  132. 	else {
    133. 

  133. 

  134.     	/* @mail functions ------------------- */
    135. 

  135. 		include_once('../../functions/functions-mail.php');
    136. 

  136. 		sendObjectUpdateMails("folder", $_POST['action'], $old, $new);
    137. 

  137. 		
    138. 

  138. 		if($_POST['action'] == "delete") 	{ print '<div class="alert alert-success">'._('Folder, IP addresses and all belonging subnets deleted successfully').'!</div>'; } 
    139. 

  139. 		else 								{ print '<div class="alert alert-success">'._("Folder $_POST[action] successfull").'!</div>';  }
    140. 

  140. 	}
    141. 

  141. }
    142. 

  142. 

  143. ?>
    144.