1<?php 2 3/** 4 * Script to confirm / reject IP address request 5 ***********************************************/ 6 7/* functions */ 8require_once( dirname(__FILE__) . '/../../../functions/functions.php' ); 9 10# initialize user object 11$Database = new Database_PDO; 12$User = new User ($Database); 13$Admin = new Admin ($Database, false); 14$Addresses = new Addresses ($Database); 15$Subnets = new Subnets ($Database); 16$Tools = new Tools ($Database); 17$Result = new Result (); 18 19# verify that user is logged in 20$User->check_user_session(); 21# check maintaneance mode 22$User->check_maintaneance_mode (); 23 24# strip input tags 25$_POST = $Admin->strip_input_tags($_POST); 26 27# validate csrf cookie 28$User->Crypto->csrf_cookie ("validate", "requests", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : ""; 29 30# verify permissions 31if($Subnets->check_permission($User->user, $_POST['subnetId']) != 3) { $Result->show("danger", _('You do not have permissions to process this request')."!", true); } 32 33# fetch custom fields 34$custom = $Tools->fetch_custom_fields('ipaddresses'); 35if(sizeof($custom) > 0) { 36 foreach($custom as $myField) { 37 if(isset($_POST[$myField['name']])) { $_POST[$myField['name']] = $_POST[$myField['name']];} 38 } 39} 40 41# fetch subnet 42$subnet = (array) $Admin->fetch_object("subnets", "id", $_POST['subnetId']); 43 44/* if action is reject set processed and accepted to 1 and 0 */ 45if($_POST['action'] == "reject") { 46 //set reject values 47 $values = array("id"=>$_POST['requestId'], 48 "processed"=>1, 49 "accepted"=>0, 50 "adminComment"=>@$_POST['adminComment'] 51 ); 52 if(!$Admin->object_modify("requests", "edit", "id", $values)) { $Result->show("danger", _("Failed to reject IP request"), true); } 53 else { $Result->show("success", _("Request has beed rejected"), false); } 54 55 # send mail 56 $Tools->ip_request_send_mail ("reject", $_POST); 57} 58/* accept */ 59else { 60 // fetch subnet 61 $subnet_temp = $Addresses->transform_to_dotted ($subnet['subnet'])."/".$subnet['mask']; 62 63 //verify IP and subnet 64 $Addresses->verify_address( $Addresses->transform_address($_POST['ip_addr'], "dotted"), $subnet_temp, false, true); 65 66 //check if already existing and die 67 if ($Addresses->address_exists($Addresses->transform_address($_POST['ip_addr'], "decimal"), $subnet['id'])) { $Result->show("danger", _('IP address already exists'), true); } 68 69 //insert to ipaddresses table 70 $values = array( 71 "action" =>"add", 72 "ip_addr" =>$Addresses->transform_address($_POST['ip_addr'],"decimal"), 73 "subnetId" =>$_POST['subnetId'], 74 "description" =>@$_POST['description'], 75 "hostname" =>@$_POST['hostname'], 76 "mac" =>@$_POST['mac'], 77 "owner" =>@$_POST['owner'], 78 "state" =>@$_POST['state'], 79 "switch" =>@$_POST['switch'], 80 "port" =>@$_POST['port'], 81 "note" =>@$_POST['note'] 82 ); 83 if(!$Addresses->modify_address($values)) { $Result->show("danger", _("Failed to create IP address"), true); } 84 85 //accept message 86 $values2 = array("id"=>$_POST['requestId'], 87 "processed"=>1, 88 "accepted"=>1, 89 "adminComment"=>$comment 90 ); 91 if(!$Admin->object_modify("requests", "edit", "id", $values2)) { $Result->show("danger", _("Cannot confirm IP address"), true); } 92 else { $Result->show("success", _("IP request accepted/rejected"), false); } 93 94 95 # send mail 96 97 //save subnt 98 $tmp['subnetId'] = $_POST['subnetId']; 99 unset($_POST['subnetId']); 100 // gateway 101 $gateway=$Subnets->find_gateway ($tmp['subnetId']); 102 if($gateway !== false) { $tmp['gateway'] = $Subnets->transform_address($gateway->ip_addr,"dotted"); } 103 //set vlan 104 $vlan = $Tools->fetch_object ("vlans", "vlanId", $subnet['vlanId']); 105 $tmp['vlan'] = $vlan==false ? "" : $vlan->number." - ".$vlan->description; 106 //set dns 107 $dns = $Tools->fetch_object ("nameservers", "id", $subnet['nameserverId']); 108 $tmp['dns'] = $dns==false ? "" : $dns->description." <br> ".str_replace(";", ", ", $dns->namesrv1); 109 110 $_POST = array_merge($tmp, $_POST); 111 112 $Tools->ip_request_send_mail ("accept", $_POST); 113}