From 4ede845c1cb687e47f59676ce455e56ab3184d00 Mon Sep 17 00:00:00 2001
From: Arturo Gonzalez Diaz
Date: Thu, 23 Jul 2015 16:27:20 +0200
Subject: [PATCH] Recon-task ACL changed. Ticket #2179
---
 .../godmode/servers/manage_recontask.php | 168 ++++++++++--------
 .../godmode/servers/manage_recontask_form.php | 6 +-
 2 files changed, 98 insertions(+), 76 deletions(-)
diff --git a/pandora_console/godmode/servers/manage_recontask.php b/pandora_console/godmode/servers/manage_recontask.php
index 34e7af5228..47ea18ddda 100644
--- a/pandora_console/godmode/servers/manage_recontask.php
+++ b/pandora_console/godmode/servers/manage_recontask.php
@@ -35,6 +35,9 @@ if (check_acl ($config['id_user'], 0, "AW")) {
 $user_groups = users_get_groups(false, 'AW', true, false, null, 'id_grupo');
 $user_groups = array_keys($user_groups);
+$user_groups_r = users_get_groups(false, 'AR', true, false, null, 'id_grupo');
+$user_groups_r = array_keys($user_groups_r);
+
 // Headers
 //ui_print_page_header (__('Manage recontask'), "images/gm_servers.png", false, "", true);
 ui_print_page_header (__('Manage recontask'), "images/gm_servers.png", false, "", true, $options);
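Review bot: `$user_groups_r` is introduced with no comment, and only its `'AR'` argument distinguishes it from `$user_groups` two lines above. A short comment on the pair would record the intended split, e.g. `// AR groups: tasks the user may see in the list; $user_groups (AW) decides who gets the action links`. The `if (check_acl ($config['id_user'], 0, "AW"))` shown in the hunk header starts outside the hunk.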
@@ -152,14 +155,24 @@ if (isset($_GET["update"])) {
 $reason = '';
 if ($name != "") {
- if (($id_recon_script == 'NULL') && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
+ if ((db_get_value_filter ('name', 'trecon_task', array ('name' => $name))) && (!preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))){
+ $reason = __('Recon-task name already exists and incorrect format in Subnet field');
+ $result = false;
+ }
+ else if(db_get_value_filter ('name', 'trecon_task', array ('name' => $name))){
+ $reason = __('Recon-task name already exists');
+ $result = false;
+ }
+ else if ((empty($id_recon_script)) && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network)){
 $result = db_process_sql_update('trecon_task', $values, $where);
- elseif ($id_recon_script != 'NULL')
+ }
+ elseif (!empty($id_recon_script)){
 $result = db_process_sql_update('trecon_task', $values, $where);
+ }
 else {
 if (!preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
 $reason = __('Incorrect format in Subnet field');
- $result = false;
+ $result = false;
 }
 }
 else
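Review bot: In the update path, the duplicate-name lookup `db_get_value_filter ('name', 'trecon_task', array ('name' => $name))` in the first two added branches does not exclude the task being updated, so saving an existing task without renaming it matches its own row and is rejected with 'Recon-task name already exists'. The filter should exclude the record addressed by `$where` (the task's id column is not visible in this hunk), or the lookup should be skipped when the row found is the one being edited. Separately, the removed condition compared `$id_recon_script` with the string `'NULL'`, and `empty('NULL')` is false, so if that sentinel still reaches this code a network task takes the `elseif (!empty($id_recon_script))` branch and is updated with no subnet check; the unchanged `elseif ($id_recon_script != 'NULL')` in the create hunk below suggests the sentinel is still in use. The enclosing `if (isset($_GET["update"]))` block starts and ends outside the hunk.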
@@ -207,8 +220,21 @@ if (isset($_GET["create"])) {
 $name = io_safe_input($name);
 $reason = "";
- if (($name != "") && (! db_get_value_filter ('name', 'trecon_task', array ('name' => $name)))) {
- if (($id_recon_script == 'NULL') && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
+
+ if ($name != "") {
+ if ((db_get_value_filter ('name', 'trecon_task', array ('name' => $name))) && (!preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))){
+ $reason = __('Recon-task name already exists and incorrect format in Subnet field');
+ $result = false;
+ }
+ else if (!preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network)){
+ $reason = __('Incorrect format in Subnet field');
+ $result = false;
+ }
+ else if (db_get_value_filter ('name', 'trecon_task', array ('name' => $name))){
+ $reason = __('Recon-task name already exists');
+ $result = false;
+ }
+ else if (empty($id_recon_script) && preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network)) {
 $result = db_process_sql_insert('trecon_task', $values);
@@ -217,18 +243,13 @@ if (isset($_GET["create"])) {
 elseif ($id_recon_script != 'NULL') {
 $result = db_process_sql_insert('trecon_task', $values);
 }
- else {
- if (!preg_match("/[0-9]+.+[0-9]+.+[0-9]+.+[0-9]+\/+[0-9]/", $network))
- $reason = __('Incorrect format in Subnet field');
+ else{
+ $reason = __('Error');
 $result = false;
 }
 }
 else {
- $result = false;
- }
-
- if (db_get_value_filter ('name', 'trecon_task', array ('name' => $name))){
- $reason = __('Recon-task name already exists');
+ $reason = 'The field "Task name" is empty';
 $result = false;
 }
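Review bot: The added `else if (!preg_match(..., $network))` branch in the create path rejects any task whose subnet does not match the pattern, including script-based recon tasks, which the old condition accepted through `elseif ($id_recon_script != 'NULL')` without consulting `$network` (the listing in this same file prints `N/A` for their subnet). The subnet check should apply only to network tasks, as the removed `($id_recon_script == 'NULL') && preg_match(...)` did, so the condition needs the network-task test in front of the `!preg_match`. Also, this hunk switches to `empty($id_recon_script)` while the unchanged `elseif ($id_recon_script != 'NULL')` in the next hunk keeps the string sentinel; if the form still submits `'NULL'`, a network task is neither `empty()` nor `!= 'NULL'` and falls through to the new `__('Error')` branch, so the two tests should agree on one representation. The `if (isset($_GET["create"]))` block starts and ends outside these hunks.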
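Review bot: The new message `$reason = 'The field "Task name" is empty';` is the only `$reason` string in these hunks not wrapped in `__()`, so unlike `__('Recon-task name already exists')` a few lines above it will not be translated; write `$reason = __('The field "Task name" is empty');`. The `__('Error')` that replaces the removed `Incorrect format in Subnet field` message in the else branch tells the user nothing about which input was rejected, so a message naming the failing field would be more useful.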
@@ -270,86 +291,87 @@ if ($result !== false) {
 $table->style[8] = 'text-align: center;';
 foreach ($result as $row) {
- $data = array();
- //$data[0] = ''.$row["name"].'';
- $data[0] = $row["name"];
+ if (in_array($row["id_group"], $user_groups_r)){
+ $data = array();
+ $data[0] = $row["name"];
- if ($row["id_recon_script"] == 0)
- $data[1] = $row["subnet"];
- else
- $data[1] =__("N/A");
+ if ($row["id_recon_script"] == 0)
+ $data[1] = $row["subnet"];
+ else
+ $data[1] =__("N/A");
- if ($row["id_recon_script"] == 0) {
- // Network recon task
- $data[2] = html_print_image ("images/network.png", true, array ("title" => __('Network recon task')))."  ";
- $data[2] .= network_profiles_get_name ($row["id_network_profile"]);
- }
- else {
- // APP recon task
- $data[2] = html_print_image ("images/plugin.png", true). "  ";
- $data[2] .= db_get_sql (sprintf("SELECT name FROM trecon_script WHERE id_recon_script = %d", $row["id_recon_script"]));
- }
+ if ($row["id_recon_script"] == 0) {
+ // Network recon task
+ $data[2] = html_print_image ("images/network.png", true, array ("title" => __('Network recon task')))."  ";
+ $data[2] .= network_profiles_get_name ($row["id_network_profile"]);
+ }
+ else {
+ // APP recon task
+ $data[2] = html_print_image ("images/plugin.png", true). "  ";
+ $data[2] .= db_get_sql (sprintf("SELECT name FROM trecon_script WHERE id_recon_script = %d", $row["id_recon_script"]));
+ }
- // GROUP
- if ($row["id_recon_script"] == 0) {
- $data[3] = ui_print_group_icon ($row["id_group"], true);
- }
- else {
- $data[3] = "-";
- }
+ // GROUP
+ if ($row["id_recon_script"] == 0) {
+ $data[3] = ui_print_group_icon ($row["id_group"], true);
+ }
+ else {
+ $data[3] = "-";
+ }
- // INCIDENT
- $data[4] = (($row["create_incident"] == 1) ? __('Yes') : __('No'));
+ // INCIDENT
+ $data[4] = (($row["create_incident"] == 1) ? __('Yes') : __('No'));
- // OS
- if ($row["id_recon_script"] == 0) {
- $data[5] =(($row["id_os"] > 0) ? ui_print_os_icon ($row["id_os"], false, true) : __('Any'));
- }
- else {
- $data[5] = "-";
- }
- // INTERVAL
- if ($row["interval_sweep"]==0)
- $data[6] = __("Manual");
- else
- $data[6] =human_time_description_raw($row["interval_sweep"]);
+ // OS
+ if ($row["id_recon_script"] == 0) {
+ $data[5] =(($row["id_os"] > 0) ? ui_print_os_icon ($row["id_os"], false, true) : __('Any'));
+ }
+ else {
+ $data[5] = "-";
+ }
+ // INTERVAL
+ if ($row["interval_sweep"]==0)
+ $data[6] = __("Manual");
+ else
+ $data[6] =human_time_description_raw($row["interval_sweep"]);
- // PORTS
- if ($row["id_recon_script"] == 0) {
- $data[7] = substr($row["recon_ports"],0,15);
- }
- else {
- $data[7] = "-";
- }
+ // PORTS
+ if ($row["id_recon_script"] == 0) {
+ $data[7] = substr($row["recon_ports"],0,15);
+ }
+ else {
+ $data[7] = "-";
+ }
- $task_group = $row["id_group"];
+ $task_group = $row["id_group"];
- if (in_array($task_group, $user_groups)){
+ if (in_array($task_group, $user_groups)){
+ $data[8] = '' . html_print_image("images/eye.png", true) . '';
+ $data[8] .= '' . html_print_image("images/cross.png", true, array("border" => '0')) . '';
+ $data[8] .= '' .html_print_image("images/config.png", true) . '';
+
+ if($row["disabled"] == 0) {
+ $data[8] .= '' .html_print_image("images/lightbulb.png", true) . '';
+ }
+ else {
+ $data[8] .= '' .html_print_image("images/lightbulb_off.png", true) . '';
+ }
+ }
+
 // ACTION
 $data[8] = '' . html_print_image("images/eye.png", true) . '';
 $data[8] .= '' . html_print_image("images/cross.png", true, array("border" => '0')) . '';
 $data[8] .= '' .html_print_image("images/config.png", true) . '';
-
+
 if($row["disabled"] == 0) {
 $data[8] .= '' .html_print_image("images/lightbulb.png", true) . '';
 }
 else {
 $data[8] .= '' .html_print_image("images/lightbulb_off.png", true) . '';
 }
+
+ $table->data[] = $data;
 }
- // ACTION
- $data[8] = '' . html_print_image("images/eye.png", true) . '';
- $data[8] .= '' . html_print_image("images/cross.png", true, array("border" => '0')) . '';
- $data[8] .= '' .html_print_image("images/config.png", true) . '';
-
- if($row["disabled"] == 0) {
- $data[8] .= '' .html_print_image("images/lightbulb.png", true) . '';
- }
- else {
- $data[8] .= '' .html_print_image("images/lightbulb_off.png", true) . '';
- }
- $table->data[] = $data;
 }
 html_print_table ($table);
diff --git a/pandora_console/godmode/servers/manage_recontask_form.php b/pandora_console/godmode/servers/manage_recontask_form.php
index 464ef3d4ac..194ca178a6 100644
--- a/pandora_console/godmode/servers/manage_recontask_form.php
+++ b/pandora_console/godmode/servers/manage_recontask_form.php
@@ -62,11 +62,11 @@ if (is_ajax ()) {
 }
 // Edit mode
-if (isset ($_GET["update"]) or (isset($_GET["crt"]))) {
+if (isset ($_GET["update"]) or (isset($_GET["upd"]))) {
 $update_recon = true;
- if (isset ($_GET["crt"])) {
- if ($_GET["crt"] != "update") {
+ if (isset ($_GET["upd"])) {
+ if ($_GET["upd"] != "update") {
 $update_recon = false;
 }
 else {
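Review bot: The `$data[8]` action links added inside `if (in_array($task_group, $user_groups))` are overwritten straight away by the unchanged `// ACTION` block that follows, which rebuilds the same eye/cross/config/lightbulb links for every row and now lives inside the new `in_array($row["id_group"], $user_groups_r)` branch. So the AW check on the action column has no effect: a user with only AR on the task's group still gets the edit/delete/toggle links in the list (the old code had the same unconditional block after its `in_array`). Delete the unconditional `// ACTION` block (from the `// ACTION` comment through the closing `}` of its `else`) so `$data[8]` is set only in the AW branch, and give the AR-only case a defined column, e.g. `$data[8] = '';` before `if (in_array($task_group, $user_groups))`. The `check_acl ($config['id_user'], 0, "AW")` in the first hunk's header line appears to gate the page as a whole rather than per group, so this per-row check is what has to hold here. The `if ($result !== false)` block enclosing the loop starts outside the hunk.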