1<?php
2
3/**
4 * Script to confirm / reject IP address request
5 ***********************************************/
6
7/* functions */
8require_once( dirname(__FILE__) . '/../../../functions/functions.php' );
9
10# initialize user object
11$Database 	= new Database_PDO;
12$User 		= new User ($Database);
13$Admin	 	= new Admin ($Database, false);
14$Addresses	= new Addresses ($Database);
15$Subnets	= new Subnets ($Database);
16$Tools		= new Tools ($Database);
17$Result 	= new Result ();
18
19# verify that user is logged in
20$User->check_user_session();
21# check maintaneance mode
22$User->check_maintaneance_mode ();
23
24# strip input tags
25$_POST = $Admin->strip_input_tags($_POST);
26
27# validate csrf cookie
28$User->Crypto->csrf_cookie ("validate", "requests", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
29
30# verify permissions
31if($Subnets->check_permission($User->user, $_POST['subnetId']) != 3)	{ $Result->show("danger", _('You do not have permissions to process this request')."!", true); }
32
33# fetch custom fields
34$custom = $Tools->fetch_custom_fields('ipaddresses');
35if(sizeof($custom) > 0) {
36	foreach($custom as $myField) {
37		if(isset($_POST[$myField['name']])) { $_POST[$myField['name']] = $_POST[$myField['name']];}
38	}
39}
40
41# fetch subnet
42$subnet = (array) $Admin->fetch_object("subnets", "id", $_POST['subnetId']);
43
44/* if action is reject set processed and accepted to 1 and 0 */
45if($_POST['action'] == "reject") {
46	//set reject values
47	$values = array("id"=>$_POST['requestId'],
48					"processed"=>1,
49					"accepted"=>0,
50					"adminComment"=>@$_POST['adminComment']
51					);
52	if(!$Admin->object_modify("requests", "edit", "id", $values))		{ $Result->show("danger",  _("Failed to reject IP request"), true); }
53	else																{ $Result->show("success", _("Request has beed rejected"), false); }
54
55	# send mail
56	$Tools->ip_request_send_mail ("reject", $_POST);
57}
58/* accept */
59else {
60	// fetch subnet
61	$subnet_temp = $Addresses->transform_to_dotted ($subnet['subnet'])."/".$subnet['mask'];
62
63	//verify IP and subnet
64	$Addresses->verify_address( $Addresses->transform_address($_POST['ip_addr'], "dotted"), $subnet_temp, false, true);
65
66	//check if already existing and die
67	if ($Addresses->address_exists($Addresses->transform_address($_POST['ip_addr'], "decimal"), $subnet['id'])) { $Result->show("danger", _('IP address already exists'), true); }
68
69	//insert to ipaddresses table
70	$values = array(
71					"action"      =>"add",
72					"ip_addr"     =>$Addresses->transform_address($_POST['ip_addr'],"decimal"),
73					"subnetId"    =>$_POST['subnetId'],
74					"description" =>@$_POST['description'],
75					"hostname"    =>@$_POST['hostname'],
76					"mac"         =>@$_POST['mac'],
77					"owner"       =>@$_POST['owner'],
78					"state"       =>@$_POST['state'],
79					"switch"      =>@$_POST['switch'],
80					"port"        =>@$_POST['port'],
81					"note"        =>@$_POST['note']
82					);
83	if(!$Addresses->modify_address($values))	{ $Result->show("danger",  _("Failed to create IP address"), true); }
84
85	//accept message
86	$values2 = array("id"=>$_POST['requestId'],
87					"processed"=>1,
88					"accepted"=>1,
89					"adminComment"=>$comment
90					);
91	if(!$Admin->object_modify("requests", "edit", "id", $values2))		{ $Result->show("danger",  _("Cannot confirm IP address"), true); }
92	else																{ $Result->show("success", _("IP request accepted/rejected"), false); }
93
94
95	# send mail
96
97	//save subnt
98	$tmp['subnetId'] = $_POST['subnetId'];
99	unset($_POST['subnetId']);
100	// gateway
101	$gateway=$Subnets->find_gateway ($tmp['subnetId']);
102	if($gateway !== false) { $tmp['gateway'] = $Subnets->transform_address($gateway->ip_addr,"dotted"); }
103	//set vlan
104	$vlan = $Tools->fetch_object ("vlans", "vlanId", $subnet['vlanId']);
105	$tmp['vlan'] = $vlan==false ? "" : $vlan->number." - ".$vlan->description;
106	//set dns
107	$dns = $Tools->fetch_object ("nameservers", "id", $subnet['nameserverId']);
108	$tmp['dns'] = $dns==false ? "" : $dns->description." <br> ".str_replace(";", ", ", $dns->namesrv1);
109
110	$_POST = array_merge($tmp, $_POST);
111
112	$Tools->ip_request_send_mail ("accept", $_POST);
113}