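<?php
// Basic Analysis and Security Engine (BASE)
// Copyright (C) 2019-2023 Nathan Gibbs
// Copyright (C) 2004 BASE Project Team
// Copyright (C) 2000 Carnegie Mellon University
//
//   For license info: See the file 'base_main.php'
//
//       Project Lead: Nathan Gibbs
// Built upon work by: Kevin Johnson & the BASE Project Team
//                     Roman Danyliw <rdd@cert.org>, <roman@danyliw.com>
//
//            Purpose: Maintenance & configuration page for managing
//                     Alert Groups (AG)
//
//              Input: GET/POST variables
//                     - ag_action: list | create | view | edit | save |
//                                  delete | delete_confirm | clear |
//                                  clear_confirm
//                     - ag_id:     AG id, VAR_DIGIT filtered + filterSql()
//                     - ag_name:   AG name, filterSql() only (used for
//                                  create / save / lookup-by-name)
//                     - ag_desc:   AG description, filterSql() only
//                     - submit:    button text, "x" from the action links,
//                                  or a numeric browse offset
//
//          Author(s): Nathan Gibbs
//                     Kevin Johnson
//
// Review notes (security):
//   - Authorization: AuthorizedRole(50) used to decide only which links are
//     drawn; the mutating branches themselves were never checked. A server
//     side gate below rejects editor-only actions for every other role,
//     because a hidden link is not access control.
//   - Method: state-changing actions are only honoured over POST (the form on
//     this page posts). That blocks the GET form of
//     ...&ag_action=delete_confirm&ag_id=N&submit=x, but it is NOT a CSRF
//     token - this page does not carry one. TODO: add one if the framework
//     provides it.
//   - SQL: every statement is string-built and relies on ImportHTTPVar()'s
//     type filters plus filterSql() for escaping. Whether baseExecute()
//     accepts bound parameters is not visible from this file - confirm and
//     migrate if it does.
//   - Error paths echo the raw SQL text to the browser only when
//     $debug_mode > 0 (previously always, which disclosed schema/query text
//     and reflected ag_name back unescaped through ErrorMessage()).

require("base_conf.php");
include_once("$BASE_path/includes/base_constants.inc.php");
include("$BASE_path/includes/base_include.inc.php");
include_once("$BASE_path/base_db_common.php");
include_once("$BASE_path/base_qry_common.php");
include_once("$BASE_path/base_ag_common.php");

// Page-level role gate. The role-number semantics live in the includes.
AuthorizedRole(10000);
$et = new EventTiming($debug_time_mode);
$db = NewBASEDBConnection($DBlib_path, $DBtype); // Connect to Alert DB.
$db->baseDBConnect(
	$db_connect_method,$alert_dbname, $alert_host, $alert_port, $alert_user,
	$alert_password
);
UpdateAlertCache($db);
if ( class_exists('UILang') ){ // Issue 11 backport shim.
	$CPSig = $UIL->CWA['Sig'];
	$CPSA = $UIL->CPA['SrcAddr'];
	$CPDA = $UIL->CPA['DstAddr'];
	$CPTs = $UIL->CWA['Ts'];
}else{
	$CPSig = _SIGNATURE;
	$CPSA = _NBSOURCEADDR;
	$CPDA = _NBDESTADDR;
	$CPTs = _TIMESTAMP;
}

// AG-Editor role. Returns a truthy value for editors and falsy otherwise; it
// is used both for drawing the editor-only links and for the gate below.
$AdminAuth = AuthorizedRole(50);
$cs = new CriteriaState("base_ag_main.php");
$cs->ReadState();
$qs = new QueryState();
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(_SELECTED, _ALLONSCREEN, _ENTIREQUERY));
$ag_action = ImportHTTPVar("ag_action", VAR_ALPHA | VAR_USCORE);
$ag_id = filterSql(ImportHTTPVar("ag_id", VAR_DIGIT));
$ag_name = filterSql(ImportHTTPVar("ag_name"));
$ag_desc = filterSql(ImportHTTPVar("ag_desc"));
$page_title = _AGMAINTTITLE;
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), $refresh_all_pages);

if ( is_numeric($submit) ){ // A browsing button was clicked.
	if ( $debug_mode > 0 ){
		ErrorMessage("Browsing Clicked ($submit)");
	}
	$qs->MoveView($submit);
	$ag_action = "view";
}

// --- Server-side authorization gate -----------------------------------------
// Create / Edit / Save / Delete are editor-only. "clear" is deliberately left
// open: the navigation below offers it to every role, so that is the intent.
$EditorActions = array('create', 'edit', 'save', 'delete', 'delete_confirm');
if ( !$AdminAuth && in_array($ag_action, $EditorActions, true) ){
	ErrorMessage('Not authorized: the AG-Editor role is required for this action.');
	$ag_action = 'list';
	$submit = '';
}
// --- Request-method gate ----------------------------------------------------
// Only honour state-changing actions when they arrive by POST. The
// PacketForm below posts, so legitimate flows are unaffected; a bare GET link
// carrying ag_action=delete_confirm&submit=x is not. Not a CSRF token.
$MutatingActions = array('create', 'save', 'delete_confirm', 'clear_confirm');
$IsPost = ( isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST' );
if ( $submit != "" && !$IsPost && in_array($ag_action, $MutatingActions, true) ){
	ErrorMessage('Refused: this action must be submitted with the form (POST).');
	$ag_action = 'list';
	$submit = '';
}

$Hrst = "<a href='base_ag_main.php?ag_action=";
$Sep = ' | ';
NLIO("<div style='margin:auto'>");
NLIO($Hrst."list'>"._LISTALL.'</a>',4);
if ( $AdminAuth ){
	NLIO($Sep.$Hrst."create'>"._CREATE.'</a>',4);
}
NLIO($Sep.$Hrst."view'>"._VIEW.'</a>',4);
if ( $AdminAuth ){
	NLIO($Sep.$Hrst."edit'>"._EDIT.'</a>',4);
	NLIO($Sep.$Hrst."delete'>"._DELETE.'</a>',4);
}
NLIO($Sep.$Hrst."clear'>"._CLEAR.'</a>',4);
NLIO('</div>');
NLIO('<hr/>');
NLIO("<form name='PacketForm' action='base_ag_main.php' method='post'>");
if ( $debug_mode > 0 ){
	// Dump the request variables. $$val is safe here: the name list is fixed.
	$TK = array ( 'ag_action', 'submit', 'ag_id' );
	$DI = array();
	$DD = array();
	foreach ( $TK as $val ){
		array_push($DD, $val);
		array_push($DI, $$val);
	}
	DDT($DI,$DD,'Request Vars','',25);
}
$qs->AddValidAction("del_alert");
$qs->AddValidAction("email_alert");
$qs->AddValidAction("email_alert2");
$qs->AddValidAction("clear_alert");

$qs->AddValidActionOp(_SELECTED);
$qs->AddValidActionOp(_ALLONSCREEN);
$qs->AddValidActionOp(_ENTIREQUERY);

// Per-alert actions (delete / e-mail / clear) operate on this AG's members.
$qs->SetActionSQL("SELECT ag_sid, ag_cid FROM acid_ag_alert WHERE ag_id='".$ag_id."'");
$et->Mark("Initialization");
$qs->RunAction($submit, PAGE_QRY_AG, $db);
$et->Mark("Alert Action");
// Section heading. NOTE: the former `case ("edit" || "save")` form evaluated
// to `case true`, which PHP's loose switch comparison matched for every
// non-empty action, so delete/clear/list all printed the Edit heading. Plain
// fall-through labels give each action its own heading.
switch ($ag_action) {
    case "create" :
        echo '<h3>'._CREATEGROUPS.'</h3>';
        break;

    case "view" :
        echo '<h3>'._VIEWGROUPS.'</h3>';
        break;

    case "edit" :
    case "save" :
        echo '<h3>'._EDITGROUPS.'</h3>';
        break;

    case "delete" :
    case "delete_confirm" :
        echo '<h3>'._DELETEGROUPS.'</h3>';
        break;

    case "clear" :
    case "clear_confirm" :
        echo '<h3>'._CLEARGROUPS.'</h3>';
        break;

    case "list" :
        echo '<h3>'._LISTGROUPS.'</h3>';
        break;

    default :
        $ag_action = "list";
}

if ($submit != "") {
    // Raw SQL is only appended to user-facing errors in debug mode.
    if ($ag_action == "create") {
        $ag_id = CreateAG($db, $ag_name, $ag_desc);
        $ag_action = "view";
    } else if ($ag_action == "save") {
        $sql = "UPDATE acid_ag " .
            "SET ag_name='".$ag_name."', ag_desc='".$ag_desc."' ".
            "WHERE ag_id='".$ag_id."'";
        $db->baseExecute($sql, -1, -1, false);
        if ($db->baseErrorMessage() != "") {
           FatalError(_ERRAGUPDATE);
        }

        $ag_action = "view";
    } else if ($ag_action == "delete_confirm") {
        /* Delete the packet list associated with the AG */
        $sql = "DELETE FROM acid_ag_alert WHERE ag_id='".$ag_id."'";
        $db->baseExecute($sql, -1, -1, false);
        if ($db->baseErrorMessage() != "") {
            FatalError(_ERRAGPACKETLIST.(( $debug_mode > 0 ) ? " ".$sql : ""));
        }

        /* Delete the AG */
        $sql = "DELETE FROM acid_ag WHERE ag_id='".$ag_id."'";
        $db->baseExecute($sql, -1, -1, false);
        if ( $db->baseErrorMessage() != "" ) {
            FatalError(_ERRAGDELETE.(( $debug_mode > 0 ) ? $sql : ""));
        }

    } else if ($ag_action == "clear_confirm") {
        /* Delete the packet list associated with the AG */
        $sql = "DELETE FROM acid_ag_alert WHERE ag_id='".$ag_id."'";
        $db->baseExecute($sql, -1, -1, false);
        if ($db->baseErrorMessage() != "") {
            FatalError(_ERRAGPACKETLIST.(( $debug_mode > 0 ) ? " ".$sql : ""));
        }

        $ag_action = "view";
    }

    if ($ag_action == "delete_confirm") {
        ErrorMessage("<strong>"._AGDELETE."</strong>");
        $ag_action = "view";
        $ag_name = $ag_desc = "<em>"._AGDELETEINFO."</em>";
    } else {
        /* Re-Query the information to print the AG info out */
        if ($ag_id > 0) {
            $sql = "SELECT ag_id, ag_name, ag_desc FROM acid_ag WHERE ag_id='".$ag_id."'";
        } else {
            $sql = "SELECT ag_id, ag_name, ag_desc FROM acid_ag WHERE ag_name='".$ag_name."'";
        }

        $result = $db->baseExecute($sql, -1, -1, false);
        if ($db->baseErrorMessage() != "") {
            ErrorMessage(_ERRAGSEARCHINV);
            $submit = "";
        } else if ( $result->baseRecordCount() < 1 ) {
            // The name form of $sql carries user input; keep it out of the
            // page unless debugging.
            ErrorMessage(_ERRAGSEARCHNOTFOUND.(( $debug_mode > 0 ) ? $sql : ""));
            $submit = "";
        } else {
            $myrow = $result->baseFetchRow();
            $ag_id = $myrow[0];
            $ag_name = $myrow[1];
            $ag_desc = $myrow[2];
        }
    }
}

if ($ag_action == "list") {
    $sql = "SELECT ag_id, ag_name, ag_desc FROM acid_ag";
    $result = $db->baseExecute($sql);
    $num = $result->baseRecordCount();
    if ($num < 1) {
        echo "<div style='margin:auto'><strong>"._NOALERTGOUPS."</strong></div>";
    } else {
        echo '
             <table border="1" style="border-spacing:0;padding:0" width="100%">
             <tr>
               <td class="plfieldhdr">'._ID.'</td>
               <td class="plfieldhdr">'._NAME.'</td>
               <td class="plfieldhdr">'._NUMALERTS.'</td>
               <td class="plfieldhdr">'._DESC.'</td>
               <td class="plfieldhdr">'._ACTIONS;

		PrintTblNewRow( 0, '');
		$Hrsfx = "&amp;submit=x'>";
        for ($i = 0; $i < $num; $i++) {
            $myrow = $result->baseFetchRow();
			$AOA = urlencode($myrow[0]); // ActOnAG

            /* count the number of alerts in the AG */
            $result2 = $db->baseExecute("SELECT count(ag_cid) FROM acid_ag_alert WHERE ag_id='".$myrow[0]."'");
            $myrow2 = $result2->baseFetchRow();
            $num_alerts = $myrow2[0];
            $result2->baseFreeRows();

echo '                    <td class="plfield">
                      <a href="base_ag_main.php?ag_action=view&amp;ag_id='.htmlspecialchars($myrow[0]).'&amp;submit=x">'.htmlspecialchars($myrow[0]).'</a></td>
                      <td class="plfield">'.htmlspecialchars($myrow[1]).'</TD>
                      <td class="plfield">'.$num_alerts.'</TD>
                      <td class="plfield">'.htmlspecialchars($myrow[2]).'</TD>
                      <td class="plfield">';

			// Editor-only row links; the server-side gate above backs this up.
			if ( $AdminAuth ){
				NLIO($Hrst."edit&amp;ag_id=".$AOA.$Hrsfx._EDIT.'</a>',4);
				NLIO($Sep.$Hrst."delete&amp;ag_id=".$AOA.$Hrsfx._DELETE.'</a>',4);
				NLIO($Sep,4);
			}
			NLIO($Hrst."clear&amp;ag_id=".$AOA.$Hrsfx._CLEAR.'</a>',4);
			PrintTblNewRow( 0, '');
		}
        echo '</table>';
        $result->baseFreeRows();
        }
}

if ($ag_action != "list") {
    echo '<table width="100%" border="2" class="query">
          <tr>
           <td width="10%"><strong>ID #</strong></td>
           <td>';

    if ($ag_action == "create" && $submit == "") {
        echo '&nbsp;<em> '._NOTASSIGN.' </em>&nbsp';
    } else if ($submit == "") {
        echo '<input type="text" name="ag_id" value="'.htmlspecialchars($ag_id).'">';
    } else if ( ($ag_action == "view" || $ag_action == "edit" || $ag_action == "delete" || $ag_action == "clear") && $submit != "" ) {
        echo '<input type="hidden" name="ag_id" value="'.htmlspecialchars($ag_id).'">';
        echo htmlspecialchars($ag_id); // May come from the DB row, so escape.
    }

    echo ' </td>
         <tr>
           <td valign="top"><strong>'._NAME.'</strong></td>
           <td>';

    if ($ag_action == "create" && $submit == "") {
        echo '<input type="text" name="ag_name" size="40" value="'.htmlspecialchars($ag_name).'">';
    } else if ($submit == "") {
        echo '<select name="ag_name">
              <option value="">{ AG Name }';
        $sql = "select ag_name FROM acid_ag;";
        $result = $db->baseExecute($sql);
        if ($result) {
             while ($myrow = $result->baseFetchRow()) {
                echo '<option value="'.htmlspecialchars($myrow[0]).'">'.htmlspecialchars($myrow[0]);
             }

             $result->baseFreeRows();
        }

        echo '</select>';
    } else if ( $ag_action == "edit" && $submit != "" ) {
        echo '<input type="text" name="ag_name" size="40" value="'.htmlspecialchars($ag_name).'">';
    } else if ( ($ag_action == "view" || $ag_action == "delete" || $ag_action == "clear") && $submit != "" ) {
        // Was `$ag_action = "clear"` (assignment) - now a comparison.
        echo htmlspecialchars($ag_name);
    }

    echo ' </td>';

    if ( ($ag_action == "create" && $submit == "") || (($ag_action == "view" || $ag_action == "edit" || $ag_action == "delete" || $ag_action == "clear") && $submit != "" )) {
        echo '
        <tr>
         <td valign="top"><strong>'._DESC.'</strong></td>
         <td>';

        if ( $ag_action == "create" && $submit == "" ) {
            echo '<textarea name="ag_desc" cols="70" rows=4>'.htmlspecialchars($ag_desc).'</textarea>';
        } else if ( $ag_action == "edit" && $submit != "" ) {
            echo '<textarea name="ag_desc" cols="70" rows=4>'.htmlspecialchars($ag_desc).'</textarea>';
        } else if ( ($ag_action == "view" || $ag_action == "delete" ||$ag_action == "clear") && $submit != "" ) {
            echo(htmlspecialchars($ag_desc));
        }

        echo '
             </td>
           </tr>';
    }

    echo '</table>';
    /* Print the Appropriate button */
    if ( $submit == "" || $ag_action == "edit" || $ag_action == "delete" || $ag_action == "clear" ) {
        echo '<div style="margin:auto">';
        // Initialised so an action with no button (e.g. a GET "save") does
        // not emit an undefined-variable warning; the output is unchanged.
        $button_text = '';
        if ($ag_action == "create" ) {
            $button_text = _CREATEGROUPS;
        } else if ($ag_action == "view" ) {
            $button_text = _VIEWGROUPS;
        } else if ($ag_action == "edit" && $submit == "") {
            $button_text = _EDITGROUPS;
        } else if ($ag_action == "edit" && $submit != "") {
            $button_text = _SAVECHANGES;  $ag_action = "save";
        } else if ($ag_action == "delete" && $submit == "") {
            $button_text = _DELETEGROUPS;
        } else if ($ag_action == "delete" && $submit != "") {
            $button_text = _CONFIRMDELETE; $ag_action = "delete_confirm";
        } else if ($ag_action == "clear" && $submit == "") {
            $button_text = _CLEARGROUPS;
        } else if ($ag_action == "clear" && $submit != "") {
            $button_text = _CONFIRMCLEAR; $ag_action = "clear_confirm";
        }

        echo '<input type="submit" name="submit" value="'.$button_text.'">';
        echo '</div>';
    }
} // if ($ag_action != "list")

// The next request's action (save / delete_confirm / clear_confirm) rides in
// this hidden field and is therefore subject to the gates at the top.
echo '<input type="hidden" name="ag_action" value="'.htmlspecialchars($ag_action).'">';
if ( $ag_action == "view" && $submit != "" ) {
    /* Calculate the Number of Alerts */
    $cnt_sql = "SELECT count(ag_sid) FROM acid_ag_alert WHERE ag_id='".$ag_id."'";
    $save_sql = "SELECT acid_event.sid, acid_event.cid, signature, timestamp, ".
         "ip_src, ip_dst, ip_proto ".
         "FROM acid_event ".
         "LEFT JOIN acid_ag_alert ON acid_event.sid=ag_sid AND acid_event.cid=ag_cid ".
         "WHERE acid_event.cid > '0' AND ag_id = '".$ag_id."'";
    $printing_ag = true;
    $ag = $ag_id;
    include("$BASE_path/base_qry_sqlcalls.php");
}

$qs->SaveState();

/* Export action_arg = current AG ID, so that Actions work */
ExportHTTPVar($ag_id, "action_arg");
echo "\n</form>\n";
$et->Mark("Get Query Elements");
PrintBASESubFooter();
?>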