<?php
include_once('include/class_history_links.inc');
include_once("include/dbconnect.php");
include_once("include/functions.php");
include_once("menu.html");
// Load the GUI configuration and print a banner whenever the 'gui_debug'
// setting is switched on, so nobody mistakes a debug deployment for production.
$config = new ReadConfig();
$general = $config->General('gui_debug');
if (1 == $general['gui_debug']) {
    print "<div align='center' class='orange'><h2><blink>Debug mode activated</blink></h2></div>\n";
}
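// Request parameters that drive the whole page. All three come straight from
// the query string, so they are untrusted input.
//
// - A missing parameter used to leave the variable undefined (or raise an
//   undefined-index notice for 'option'); each one now has a defined default.
// - Array-valued parameters (?object[]=x) are rejected, so only strings reach
//   the switch statements and the SQL below.
// - object_index is interpolated into SQL without quotes further down (the
//   Range and Sensor lookups, the ownership INSERTs), so it is forced to an
//   integer here; a non-numeric value becomes 0 instead of SQL text.
$option = (isset($_GET['option']) && is_string($_GET['option'])) ? $_GET['option'] : '';
$object = (isset($_GET['object']) && is_string($_GET['object'])) ? $_GET['object'] : '';
$object_index = (isset($_GET['object_index']) && is_string($_GET['object_index']))
    ? (int) $_GET['object_index']
    : 0;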
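// Look up the selected object. $object_search returns its id, address and
// name (used for the page heading); $draw_query returns the detail row that
// the view_owners action hands to draw_all().
//
// The object id originates from the query string and used to be interpolated
// into these statements as-is, unquoted in the Range and Sensor lookups, which
// made every query injectable. It is reduced to an integer before use. The
// ext/mysql API used throughout this file has no prepared statements (and was
// removed in PHP 7); moving to mysqli/PDO with bound parameters is the
// durable fix.
$object_index_sql = isset($object_index) ? (int) $object_index : 0;
switch (isset($object) ? $object : '') {
    case 'Host':
        $object_search = mysql_query("SELECT host_id AS object_index, ip AS object_address, hostname AS object_name FROM hosts WHERE host_id = '$object_index_sql'") or die (mysql_error());
        $draw_query = mysql_query("SELECT host_id,r.range_id,s.sensor_id,ip as Ip,hostname as Hostname,sensor_name as Sensor,range as Range,DATE(FROM_UNIXTIME(d_last_scan)) as 'Last Scan',ping as 'Pings failed',priority as Priority,h.comment as Comment, host_id AS object_index, 'Host' AS object FROM hosts h, sensors s, ranges r WHERE host_id = '$object_index_sql' and h.range_id = r.range_id and r.sensor_id = s.sensor_id") or die (mysql_error());
        break;
    case 'Range':
        $object_search = mysql_query("SELECT range_id AS object_index, range AS object_address, range_name AS object_name FROM ranges WHERE range_id = '$object_index_sql'") or die (mysql_error());
        $draw_query = mysql_query("SELECT range_id, range_name AS' Range Name', range AS Range, sensors.sensor_id, sensor_name AS 'Sensor', range_delay_scan AS 'Time between scans (days)', sensor_max_num_scan AS 'Max of simultaneous scans', sensor_stored_scans AS 'Max of stored scans', ranges.comment AS Comment, range_id AS object_index, 'Range' AS object FROM ranges,sensors WHERE sensors.sensor_id = ranges.sensor_id AND range_id = $object_index_sql") or die (mysql_error());
        break;
    case 'Sensor':
        $object_search = mysql_query("SELECT sensor_id AS object_index, '' AS object_address, sensor_name AS object_name FROM sensors WHERE sensor_id = $object_index_sql") or die ('Querry search: ' . mysql_error());
        $draw_query = mysql_query("SELECT sensor_id, sensor_name AS Sensor, cancerbero_sensor_ver AS 'Sensor version', sensor_loop AS 'Loop Mode', sensor_delay_scan AS 'Time between scans (days)', sensor_sweep_time AS 'Time between sweeps (seconds)', sensor_max_num_scan AS 'Max of simultaneous scans', sensor_stored_scans AS 'Max of stored scans', comment AS Comment, sensor_id AS object_index, 'Sensor' AS object FROM sensors WHERE sensor_id = $object_index_sql") or die ('Querry failed: ' . mysql_error());
        break;
    case 'God':
        // Pseudo-object with a fixed id of 0; it has no detail row.
        $object_search = mysql_query("SELECT 0 AS object_index, 'god' AS object_address, '' AS object_name") or die (mysql_error());
        break;
    default:
        // Unknown or missing object type: neither result handle is set.
}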
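// Build the label shown in headings and "Return to ..." links: the object's
// name when it has one, otherwise its address.
//
// $object_search is only set for a recognised object type, so guard the fetch
// instead of passing an undefined handle to mysql_fetch_assoc().
$object_info = isset($object_search) ? mysql_fetch_assoc($object_search) : false;
$info = '';
if (is_array($object_info)) {
    $info = ($object_info['object_name']) ? $object_info['object_name'] : $object_info['object_address'];
    // Every use of $info in this file is an echo into HTML, and the value is
    // read from database columns (host names, range names, sensor names)
    // that are presumably filled from scan results or operator input, so
    // encode it once here to keep stored markup from being rendered.
    $info = htmlspecialchars($info, ENT_QUOTES);
}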
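// Resolve the owner selected through ?ownerid= to an e-mail address.
$ownerid = "";
$sum_mails_per_host = "";
// Defined up front so later echoes never read an undefined variable when no
// ownerid was supplied or the id matches no row.
$email = "";
if (isset($_GET['ownerid'])) {
    // owner_id is compared unquoted in later statements of this file (the
    // send_alerts queries), so it must be numeric; casting here keeps request
    // text out of every query that interpolates $ownerid.
    $ownerid = is_string($_GET['ownerid']) ? (int) $_GET['ownerid'] : 0;
    $query = "SELECT email FROM owners WHERE owner_id = '$ownerid'";
    $result = mysql_query($query) or die (mysql_error());
    $line = mysql_fetch_array($result, MYSQL_ASSOC);
    if ($line) {
        $email = $line["email"];
    }
}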
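// Host-only preparation: read the host's address and name, count the rows in
// `users` recorded for it, and create the temporary table users_per_host
// (one row per e-mail with its count), presumably consumed by print_users().
if (isset($object) && $object == 'Host') {
    // The host id comes from the query string; reduce it to an integer so it
    // cannot alter the statements below, including the CREATE TABLE.
    $object_index_sql = isset($object_index) ? (int) $object_index : 0;
    $query = "SELECT ip,hostname FROM hosts WHERE host_id = '$object_index_sql'";
    $result = mysql_query($query) or die (mysql_error());
    $line = mysql_fetch_array($result, MYSQL_ASSOC);
    $ip = $line["ip"];
    $hostname = $line["hostname"];
    $query_sum = "SELECT count(*) AS Total FROM users WHERE host_id = '$object_index_sql'";
    $result_sum = mysql_query($query_sum) or die (mysql_error());
    $line = mysql_fetch_array($result_sum, MYSQL_ASSOC);
    $sum_mails_per_host = $line["Total"];
    $query_table_users = "CREATE temporary table users_per_host SELECT email,count(*) as Mails,host_id FROM users WHERE host_id = '$object_index_sql' group by email;";
    $result_table_users = mysql_query($query_table_users) or die (mysql_error());
}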
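// Resolve the owner selected through ?owner=<e-mail> to its owner_id.
if (isset($_GET['owner'])) {
    // Array-valued parameters are discarded; $owner itself stays the raw
    // request value because later code compares and prints it.
    $owner = is_string($_GET['owner']) ? $_GET['owner'] : '';
    // The address is request data inside a quoted SQL literal: escape it.
    // mysql_real_escape_string() relies on the connection opened by
    // include/dbconnect.php and on that connection's character set.
    $owner_sql = mysql_real_escape_string($owner);
    $query = "SELECT owner_id FROM owners WHERE email = '$owner_sql' ";
    #$query = "create temporary table premail select host_id, num_mails, email FROM users WHERE email like '$mail';";
    $result_owner = mysql_query($query) or die (mysql_error());
    // Encode for HTML so the heading cannot carry markup from the URL.
    $title = "<h1>Data of the owner: \"" . htmlspecialchars($owner, ENT_QUOTES) . "\"</h1>";
    $line = mysql_fetch_array($result_owner, MYSQL_ASSOC);
    $ownerid = $line["owner_id"];
}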
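// ---------------------------------------------------------------------------
// Action dispatcher for owners.php.
//
// ?option= selects one of: add_owners, view_owners, disable_alerts,
// enable_alerts, manage_alerts, delete_owner; anything else includes index.php.
//
// Security notes for maintainers:
// - Every request value is escaped for the context it is written into:
//   integers are cast, SQL string literals go through
//   mysql_real_escape_string(), HTML output through htmlspecialchars(), and
//   query-string values through urlencode().
// - All state-changing actions (insert/delete) are plain GET requests with no
//   anti-forgery token, and no access check is visible in this file.
//   NOTE(review): confirm that authentication happens in the included files
//   and consider moving these actions to POST with a per-session token.
// - $info is assigned before this switch from database columns and is printed
//   below without further encoding. NOTE(review): confirm it is HTML-encoded
//   where it is assigned.
// - $h is not defined in this file; presumably it is created by
//   include/class_history_links.inc. The URLs returned by get_history_go()
//   are printed into href attributes unchanged. NOTE(review): confirm they
//   are already safe for that context.
// ---------------------------------------------------------------------------

if (!function_exists('owners_html')) {
    // Encode a value for HTML text or a quoted HTML attribute.
    function owners_html($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    }
}

if (!function_exists('owners_get_string')) {
    // Return a query-string parameter, or "" when it is absent or an array.
    function owners_get_string($key)
    {
        return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : "";
    }
}

if (!function_exists('owners_view_link')) {
    // Build the link back to the view_owners page, ready for an href attribute.
    function owners_view_link($email, $object, $object_index)
    {
        $url = 'owners.php?option=view_owners&owner=' . urlencode($email)
            . '&object=' . urlencode($object)
            . '&object_index=' . (int) $object_index;
        return owners_html($url);
    }
}

if (!function_exists('owners_add_form')) {
    // Render the "add owner" form. Pass $username to pre-fill the name field;
    // leave it null to render the field without a value attribute.
    function owners_add_form($useremail, $object, $object_index, $username = null)
    {
        $name_value = ($username === null) ? "" : " value='" . owners_html($username) . "'";
        $useremail = owners_html($useremail);
        $object = owners_html($object);
        $object_index = (int) $object_index;
        return "
\t<form id='add_users' action='owners.php' method='get' onsubmit='return checkform(this);'>\n
\t<h3>Name: <input class='input' type='text' name='name'$name_value size='20' maxlength='100'> *</h3>\n
\t<h3>eMail: <input class='input' type='text' name='useremail' value='$useremail' size='20' maxlength='100'> *</h3>\n
\t<h3>Phone: <input class='input' type='text' name='telephone' size='20' maxlength='100'></h3>\n
\t<h3>Room: <input class='input' type='text' name='section' size='20' maxlength='100'></h3>\n
\t<input type='hidden' name='object_index' value='$object_index'>\n
\t<input type='hidden' name='object' value='$object'>\n
\t<input type='hidden' name='option' value='add_owners'>\n
\t<div align='center'><input class='lowred' type='submit' name='save_add' value='save'></div>\n
\t<h3>(*) Mandatory field.
\t</form>\n
";
    }
}

// Give every value used below a defined state, then derive one copy per
// output context. The raw variables are kept for comparisons and for the
// helper functions defined in the included files.
if (!isset($object) || !is_string($object)) {
    $object = "";
}
if (!isset($owner) || !is_string($owner)) {
    $owner = "";
}
if (!isset($email)) {
    $email = "";
}
$object_index_sql = isset($object_index) ? (int) $object_index : 0;
$ownerid_sql = (int) $ownerid;
$object_sql = mysql_real_escape_string($object);
$owner_sql = mysql_real_escape_string($owner);
$object_html = owners_html($object);
$owner_html = owners_html($owner);
$email_html = owners_html($email);
$ownerid_html = owners_html($ownerid);

switch ($option) {
    case "add_owners":
        # Add user owner to a host
        # Save data
        $save = owners_get_string("save");
        $save_add = owners_get_string("save_add");
        $object = owners_get_string("object");
        // Inserted unquoted into `ownership` below, so it must be an integer.
        $object_index = (int) owners_get_string("object_index");
        $useremail = owners_get_string("useremail");
        $username = owners_get_string("name");
        $usertel = owners_get_string("telephone");
        $userroom = owners_get_string("section");

        $object_sql = mysql_real_escape_string($object);
        $useremail_sql = mysql_real_escape_string($useremail);
        $username_sql = mysql_real_escape_string($username);
        $usertel_sql = mysql_real_escape_string($usertel);
        $userroom_sql = mysql_real_escape_string($userroom);
        $object_html = owners_html($object);
        $useremail_html = owners_html($useremail);

        $return = owners_view_link($useremail, $object, $object_index);
        $return_link = "<p> <p><div align='center'><h2><a href='$return'>Return to $object_html $info</a></h2></div>";

        if ($save_add == "save") {
            $query = mysql_query("SELECT owner_id, name AS 'Owner Name', email AS 'Owner Email', telephone AS 'Telephone Number', section AS Room FROM owners WHERE email = '$useremail_sql'") or die (mysql_error());
            $user_repeat = mysql_num_rows($query);
            if ($username == "" || $useremail == "") {
                echo "<h1> ERROR: You must fill all the madatory fields</h1>";
                echo owners_add_form($useremail, $object, $object_index, $username);
                echo $return_link;
                break;
            } elseif ($user_repeat != 0) {
                echo "<h1> ERROR: There is another user with the same mail address</h1>";
                echo owners_add_form($useremail, $object, $object_index, $username);
                echo $return_link;
                break;
            } else {
                $save = "save";
            }
            // The VALUES list used to put the room into `telephone` and the
            // phone number into `section`; it now follows the column order.
            $add_owner = mysql_query("INSERT INTO owners (name,email,telephone,section) VALUES ('$username_sql','$useremail_sql','$usertel_sql','$userroom_sql')") or die (mysql_error());
        }

        #Check if username exists.
        $query_check_owner = mysql_query("SELECT * FROM owners WHERE email = '$useremail_sql'") or die (mysql_error());
        $line = mysql_fetch_assoc($query_check_owner);
        $useremaildb = $line["email"];
        if (strcmp($useremaildb, $useremail)) {
            // Unknown address: ask for the owner's details first.
            echo owners_add_form($useremail, $object, $object_index);
            echo $return_link;
            break;
        }

        if ($save == "save") {
            #Check if username exists.
            $query_check_owner = "SELECT * FROM owners WHERE email = '$useremail_sql'";
            $result_check_owner = mysql_query($query_check_owner) or die (mysql_error());
            $line = mysql_fetch_array($result_check_owner, MYSQL_ASSOC);
            $useremaildb = $line["email"];
            if (strcmp($useremaildb, $useremail)) {
                $add_owner = mysql_query("INSERT INTO owners (name,email,telephone,section) VALUES ('$username_sql','$useremail_sql','$usertel_sql','$userroom_sql')") or die (mysql_error());
                $result_check_owner = mysql_query($query_check_owner) or die (mysql_error());
                $line2 = mysql_fetch_array($result_check_owner, MYSQL_ASSOC);
                $owner_id = (int) $line2["owner_id"];
                $add_ownership = mysql_query("INSERT INTO ownership VALUES ('$object_sql',$object_index,$owner_id)") or die (mysql_error());
                echo "Owner $useremail_html added to $object_html $info";
            } else {
                $result_check_owner = mysql_query($query_check_owner) or die (mysql_error());
                $line = mysql_fetch_array($result_check_owner, MYSQL_ASSOC);
                $owner_id = (int) $line["owner_id"];
                // Look for this exact object. The previous check compared only
                // the first ownership row of the owner, so a second
                // assignment to the same object could slip through whenever
                // the owner already owned another object of that type.
                $result_check_ownership = mysql_query("SELECT object_index FROM ownership WHERE object = '$object_sql' AND object_index = $object_index AND owner_id = $owner_id") or die (mysql_error());
                if (mysql_num_rows($result_check_ownership) != 0) {
                    $useremaildb_html = owners_html($useremaildb);
                    echo "
<div class='row'>
<div align='center'><h1>ERROR: User $useremaildb_html is already the owner of the $object_html $info.</h1></div>
";
                    $return = $h->get_history_go(-1);
                    echo "<p> <p><div align='center'><h2><a href='$return'>Return to $object_html $info</a></h2></div>";
                    break;
                }
                $add_ownership = mysql_query("INSERT INTO ownership (object,object_index,owner_id) VALUES ('$object_sql',$object_index,$owner_id)") or die (mysql_error());
                echo "Owner $useremail_html added to $object_html $info";
            }
            echo "<div class='row'>";
            ui_enable_disable_alerts($object, $object_index, $owner_id);
            echo "</div>";
            echo $return_link;
            break;
        }
        break;

    case "view_owners":
        // $draw_query exists only when a known object type was requested.
        if (isset($draw_query) && mysql_num_rows($draw_query) != 0) {
            echo "<div align='center'><h1>$object_html Info: $info</h1></div>\n";
            echo "<table width=95%>\n";
            switch ($object) {
                case "Host":
                    $query_priority = mysql_query("SELECT priority FROM hosts WHERE host_id = '$object_index_sql'") or die (mysql_error());
                    $priority_value = mysql_fetch_assoc($query_priority);
                    if ($priority_value['priority'] == 1 && (!isset($sure) || $sure != "yes")) { //host deleted
                        // No button bar in this case.
                    } elseif ($priority_value['priority'] == 0) {
                        $menu_bar = menu_bar(array('rescan'=>'1','edit'=>'1','whitelist'=>'2','trash'=>'1','owners'=>'addusers'), $object_index_sql);
                        echo "<div class='buttonbar'>$menu_bar</div>\n";
                    } else {
                        $menu_bar = menu_bar(array('rescan'=>'1','edit'=>'1','whitelist'=>'1','trash'=>'1','owners'=>'addusers'), $object_index_sql);
                        echo "<div class='buttonbar'>$menu_bar</div>\n";
                    }
                    break;
                case "Range":
                    $white_list_query = mysql_query("SELECT ranges.range_id FROM white_list, ranges WHERE ranges.range = white_list.white_list AND ranges.range_id = $object_index_sql") or die (mysql_error());
                    if (mysql_num_rows($white_list_query) == 1) {
                        $menu_bar = menu_bar(array('edit'=>'2','whitelist'=>'4','trash'=>'3','owners'=>'addusers'), $object_index_sql);
                    } else {
                        $menu_bar = menu_bar(array('edit'=>'2','whitelist'=>'3','trash'=>'3','owners'=>'addusers'), $object_index_sql);
                    }
                    echo "<div class='buttonbar'>$menu_bar</div>\n";
                    break;
                case "Sensor":
                    $menu_bar = menu_bar(array('edit'=>'3', 'trash'=>'2', 'owners'=>'addusers'), $object_index_sql);
                    echo "<div class='buttonbar'>$menu_bar</div>\n";
                    break;
            }
            echo "<td align='left' valign='top' width=250>";
            $title = "<h1>$object_html info</h1>";
            draw_all($title, $draw_query, 0);
        } else {
            echo "<div align='center'><h1>Host Unknown!!!</h1></div>";
            break;
        }
        echo " ";
        print_users($object, $object_index_sql, $sum_mails_per_host);
        echo "</td>";
        echo "<td align='left' valign='top'>";
        menu_owner($ownerid, $object, $object_index_sql);
        break;

    case "disable_alerts":
        // Alerts currently sent to this owner for this object. The statement
        // is no longer echoed into the page: printing SQL discloses the
        // schema to every visitor.
        $query = "SELECT send_alerts.alert_name AS 'Alert Name' FROM alert_type,send_alerts WHERE status = 'on' AND send_alerts.alert_name = alert_type.alert_name AND send_alerts.owner_id = $ownerid_sql AND object_index = $object_index_sql";
        $result = mysql_query($query) or die (mysql_error());
        $active_alerts = array();
        while ($linea = mysql_fetch_array($result, MYSQL_ASSOC)) {
            $active_alerts[] = $linea["Alert Name"];
        }
        $disable = owners_get_string("disable");
        if ($disable == "yes") {
            echo "Disabling alerts...";
            foreach ($active_alerts as $active_alert) {
                if (isset($_GET[$active_alert])) {
                    // Alert names come from the database but are still text
                    // inside a quoted literal, so escape them too.
                    $alert_sql = mysql_real_escape_string($active_alert);
                    $del_send_alerts = mysql_query("DELETE FROM send_alerts WHERE object = '$object_sql' AND object_index = '$object_index_sql' AND owner_id = $ownerid_sql AND alert_name = '$alert_sql'") or die (mysql_error());
                }
            }
            echo "...Done <br>";
            $return = $h->get_history_go(-2);
            echo "<p> <p><div align='center'><h2><a href='$return'>Return to owner $email_html</a></h2></div>";
            break;
        }
        echo "
<div class='row'>
<div align='center'><h1>You are going to disable the following Alerts:</h1></div>
<form action='owners.php' method='get' onsubmit='return checkform(this);'>";
        foreach ($active_alerts as $active_alert) {
            if (isset($_GET[$active_alert])) {
                $alert_html = owners_html($active_alert);
                echo "<input type='hidden' name='$alert_html' value='off'>";
                echo "<div align='center'><h2>$alert_html</h2></div>";
            }
        }
        echo "
<p>
<div align='center'><h1> Are you sure?</h1></div>
<input type='hidden' name='sure' value='yes'>
<input type='hidden' name='object' value='$object_html'>
<input type='hidden' name='object_index' value='$object_index_sql'>
<input type='hidden' name='option' value='disable_alerts'>
<input type='hidden' name='ownerid' value='$ownerid_html'>
<p><div align='center'><input class='lowred' type='submit' name='disable' value='yes'></div>
";
        break;

    case "enable_alerts":
        // Every alert type that is switched on globally.
        $query = "SELECT alert_name AS 'Alert Name' FROM alert_type WHERE status = 'on'";
        $result = mysql_query($query) or die (mysql_error());
        $disabled_alerts = array();
        while ($linea = mysql_fetch_array($result, MYSQL_ASSOC)) {
            $disabled_alerts[] = $linea["Alert Name"];
        }
        $enable = owners_get_string("enable");
        if ($enable == "yes") {
            echo "Enabling alerts...";
            foreach ($disabled_alerts as $disable_alert) {
                if (isset($_GET[$disable_alert])) {
                    $alert_sql = mysql_real_escape_string($disable_alert);
                    $add_send_alerts = mysql_query("INSERT INTO send_alerts (owner_id,alert_name,object,object_index) VALUES ('$ownerid_sql', '$alert_sql', '$object_sql', '$object_index_sql')") or die (mysql_error());
                }
            }
            echo "...Done <br>";
            $return = owners_view_link($email, $object, $object_index_sql);
            echo "<p> <p><div align='center'><h2><a href='$return'>Return to owner $email_html</a></h2></div>";
            break;
        }
        echo "
<div class='row'>
<div align='center'><h1>You are going to enable the following Alerts:</h1></div>
<form action='owners.php' method='get' onsubmit='return checkform(this);'>";
        foreach ($disabled_alerts as $disable_alert) {
            if (isset($_GET[$disable_alert])) {
                $alert_html = owners_html($disable_alert);
                echo "<input type='hidden' name='$alert_html' value='off'>";
                echo "<div align='center'><h2>$alert_html</h2></div>";
            }
        }
        echo "
<p>
<div align='center'><h1> Are you sure?</h1></div>
<input type='hidden' name='sure' value='yes'>
<input type='hidden' name='object' value='$object_html'>
<input type='hidden' name='object_index' value='$object_index_sql'>
<input type='hidden' name='option' value='enable_alerts'>
<input type='hidden' name='ownerid' value='$ownerid_html'>
<p><div align='center'><input class='lowred' type='submit' name='enable' value='yes'></div>
";
        break;

    case "manage_alerts":
        // The two lists arrive as ", "-separated strings in the query string.
        $list_enabled = "";
        $list_disabled = "";
        $enabled = array();
        $disabled = array();
        if (isset($_GET["Enabled"]) && is_string($_GET["Enabled"])) {
            $list_enabled = $_GET["Enabled"];
            $enabled = explode(", ", $list_enabled);
        }
        if (isset($_GET["Disabled"]) && is_string($_GET["Disabled"])) {
            $list_disabled = $_GET["Disabled"];
            $disabled = explode(", ", $list_disabled);
        }
        $save = owners_get_string("save");
        if ($save == "yes") {
            echo "Saving alerts config...";
            // Replace the owner's alert set for this object with the new list.
            $del_send_alerts = mysql_query("DELETE FROM send_alerts WHERE object = '$object_sql' AND object_index = '$object_index_sql' AND owner_id = $ownerid_sql") or die (mysql_error());
            foreach ($enabled as $enable) {
                // Alert names here are request text, not database values.
                $enable_sql = mysql_real_escape_string($enable);
                $add_send_alerts = mysql_query("INSERT INTO send_alerts (owner_id,alert_name,object,object_index) VALUES ('$ownerid_sql', '$enable_sql', '$object_sql', '$object_index_sql')") or die (mysql_error());
            }
            $return = owners_view_link($email, $object, $object_index_sql);
            echo "<p> <p><div align='center'><h2><a href='$return'>Return to owner $email_html</a></h2></div>";
            break;
        }
        echo "
<div class='row'>
<div align='center'><h1>You are going to save this alerts configuration for $email_html owner</h1></div>
<table class='cancerbero' width = 800>
<tbody>
<tr>
<td align='center' style='vertical-align: bottom; background-color: rgb(255, 204, 153);'><h3>Disabled Alerts</h3></td>\n
<td align='center' style='vertical-align: bottom; background-color: rgb(255, 204, 153);'><h3>Enabled Alerts</h3></td>\n
</tr>
<tr><td align = 'center' style='vertical-align: top; background-color: rgb(255, 255, 150)'>";
        foreach ($disabled as $dis) {
            echo "<h3>" . owners_html($dis) . "</h3>";
        }
        echo "</td><td align = 'center' style='vertical-align: top; background-color: rgb(255, 255, 150)'>";
        foreach ($enabled as $ena) {
            echo "<h3>" . owners_html($ena) . "</h3>";
        }
        $list_enabled_html = owners_html($list_enabled);
        $list_disabled_html = owners_html($list_disabled);
        echo "
</td></tr></tbody>
</table>
<form action='owners.php' method='get' onsubmit='return checkform(this);'>
<p>
<div align='center'><h1> Are you sure?</h1></div>
<input type='hidden' name='sure' value='yes'>
<input type='hidden' name='Enabled' value='$list_enabled_html'>
<input type='hidden' name='Disabled' value='$list_disabled_html'>
<input type='hidden' name='object' value='$object_html'>
<input type='hidden' name='object_index' value='$object_index_sql'>
<input type='hidden' name='option' value='manage_alerts'>
<input type='hidden' name='ownerid' value='$ownerid_html'>
<p><div align='center'><input class='lowred' type='submit' name='save' value='yes'></div>
</div>
";
        break;

    case "delete_owner":
        # Delete a ownership from the DB.
        $sure = owners_get_string("sure");
        if ($sure == "yes") {
            // Both deletes now stop on a database error, like every other
            // statement in this file, instead of reporting "Done" regardless.
            echo "Deleting alerts...";
            $delete_data_host = mysql_query("DELETE FROM send_alerts WHERE owner_id = (SELECT owner_id FROM owners WHERE owners.email = '$owner_sql') AND object_index = '$object_index_sql' AND object = '$object_sql'") or die (mysql_error());
            echo "...Done <br>";
            echo "Deleting ownership...";
            $delete_data_host = mysql_query("DELETE FROM ownership WHERE owner_id = (SELECT owner_id FROM owners WHERE owners.email = '$owner_sql') AND object_index = '$object_index_sql' AND object = '$object_sql'") or die (mysql_error());
            echo "...Done <br>";
            echo "Owner $owner_html deleted from $object_html $info";
            $return = $h->get_history_go(-2);
            echo "<p> <p><div align='center'><h2><a href='$return'>Return $object_html $info</a></h2></div>";
            break;
        } else {
            #Show a warning with the owner that will be deleted.
            echo "
<div class='row'>
<div align='center'><h1>Ownership of this $object_html is goint to be deleted for the user $owner_html.</h1></div>
<div align='center'><h2> Are you sure?</h2></div>
<form action='owners.php' method='get' onsubmit='return checkform(this);'>
<input type='hidden' name='sure' value='yes'>
<input type='hidden' name='owner' value='$owner_html'>
<input type='hidden' name='object' value='$object_html'>
<input type='hidden' name='object_index' value='$object_index_sql'>
<input type='hidden' name='option' value='delete_owner'>
<p><div align='center'><input class='lowred' type='submit' name='delete' value='yes'></div>
";
            $return = $h->get_history_go(-1);
            echo "<p> <p><div align='center'><h2><a href='$return'>Return $object_html $info</a></h2></div>";
            break;
        }

    default:
        include("index.php");
}
// Close the cell and table opened by the view_owners action.
echo "</td>";
echo "</table>";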
?>