92 * This function validates it if correct it inserts it into the database. |
92 * This function validates it if correct it inserts it into the database. |
93 * return values: true if succesful. |
93 * return values: true if succesful. |
94 */ |
94 */ |
95 function edit_record($record) { |
95 function edit_record($record) { |
96 |
96 |
97 if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } |
97 if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } |
98 elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } |
98 elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } |
99 else { $perm_content_edit = "none" ; } |
99 else { $perm_content_edit = "none" ; } |
100 |
100 |
101 $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']); |
101 $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']); |
102 $zone_type = get_domain_type($record['zid']); |
102 $zone_type = get_domain_type($record['zid']); |
103 |
103 |
146 * return values: true if succesful. |
146 * return values: true if succesful. |
147 */ |
147 */ |
148 function add_record($zoneid, $name, $type, $content, $ttl, $prio) { |
148 function add_record($zoneid, $name, $type, $content, $ttl, $prio) { |
149 global $db; |
149 global $db; |
150 |
150 |
151 if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } |
151 if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } |
152 elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } |
152 elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } |
153 else { $perm_content_edit = "none" ; } |
153 else { $perm_content_edit = "none" ; } |
154 |
154 |
155 $user_is_zone_owner = verify_user_is_owner_zoneid($zoneid); |
155 $user_is_zone_owner = verify_user_is_owner_zoneid($zoneid); |
156 $zone_type = get_domain_type($zoneid); |
156 $zone_type = get_domain_type($zoneid); |
157 |
157 |
262 */ |
262 */ |
263 function delete_record($rid) |
263 function delete_record($rid) |
264 { |
264 { |
265 global $db; |
265 global $db; |
266 |
266 |
267 if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } |
267 if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } |
268 elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } |
268 elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } |
269 else { $perm_content_edit = "none" ; } |
269 else { $perm_content_edit = "none" ; } |
270 |
270 |
271 // Determine ID of zone first. |
271 // Determine ID of zone first. |
272 $record = get_record_details_from_record_id($rid); |
272 $record = get_record_details_from_record_id($rid); |
273 $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']); |
273 $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']); |
299 * remember to request nextID's from the database to be able to insert record. |
299 * remember to request nextID's from the database to be able to insert record. |
300 * if anything is invalid the function will error |
300 * if anything is invalid the function will error |
301 */ |
301 */ |
302 function add_domain($domain, $owner, $webip, $mailip, $empty, $type, $slave_master) |
302 function add_domain($domain, $owner, $webip, $mailip, $empty, $type, $slave_master) |
303 { |
303 { |
304 if(verify_permission(zone_master_add)) { $zone_master_add = "1" ; } ; |
304 if(verify_permission('zone_master_add')) { $zone_master_add = "1" ; } ; |
305 if(verify_permission(zone_slave_add)) { $zone_slave_add = "1" ; } ; |
305 if(verify_permission('zone_slave_add')) { $zone_slave_add = "1" ; } ; |
306 |
306 |
307 // TODO: make sure only one is possible if only one is enabled |
307 // TODO: make sure only one is possible if only one is enabled |
308 if($zone_master_add == "1" || $zone_slave_add == "1") { |
308 if($zone_master_add == "1" || $zone_slave_add == "1") { |
309 |
309 |
310 global $db; |
310 global $db; |
392 */ |
392 */ |
393 function delete_domain($id) |
393 function delete_domain($id) |
394 { |
394 { |
395 global $db; |
395 global $db; |
396 |
396 |
397 if (verify_permission(zone_content_edit_others)) { $perm_edit = "all" ; } |
397 if (verify_permission('zone_content_edit_others')) { $perm_edit = "all" ; } |
398 elseif (verify_permission(zone_content_edit_own)) { $perm_edit = "own" ; } |
398 elseif (verify_permission('zone_content_edit_own')) { $perm_edit = "own" ; } |
399 else { $perm_edit = "none" ; } |
399 else { $perm_edit = "none" ; } |
400 $user_is_zone_owner = verify_user_is_owner_zoneid($id); |
400 $user_is_zone_owner = verify_user_is_owner_zoneid($id); |
401 |
401 |
402 if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) { |
402 if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) { |
403 if (is_numeric($id)) { |
403 if (is_numeric($id)) { |
440 * return values: true when succesful. |
440 * return values: true when succesful. |
441 */ |
441 */ |
442 function add_owner_to_zone($zone_id, $user_id) |
442 function add_owner_to_zone($zone_id, $user_id) |
443 { |
443 { |
444 global $db; |
444 global $db; |
445 if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) { |
445 if ( (verify_permission('zone_meta_edit_others')) || (verify_permission('zone_meta_edit_own')) && verify_user_is_owner_zoneid($_GET["id"])) { |
446 // User is allowed to make change to meta data of this zone. |
446 // User is allowed to make change to meta data of this zone. |
447 if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) |
447 if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) |
448 { |
448 { |
449 if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) == 0) |
449 if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) == 0) |
450 { |
450 { |
461 |
461 |
462 |
462 |
463 function delete_owner_from_zone($zone_id, $user_id) |
463 function delete_owner_from_zone($zone_id, $user_id) |
464 { |
464 { |
465 global $db; |
465 global $db; |
466 if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) { |
466 if ( (verify_permission('zone_meta_edit_others')) || (verify_permission('zone_meta_edit_own')) && verify_user_is_owner_zoneid($_GET["id"])) { |
467 // User is allowed to make change to meta data of this zone. |
467 // User is allowed to make change to meta data of this zone. |
468 if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) |
468 if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) |
469 { |
469 { |
470 // TODO: Next if() required, why not just execute DELETE query? |
470 // TODO: Next if() required, why not just execute DELETE query? |
471 if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) != 0) |
471 if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) != 0) |
584 } |
584 } |
585 } |
585 } |
586 |
586 |
587 function get_zone_info_from_id($zone_id) { |
587 function get_zone_info_from_id($zone_id) { |
588 |
588 |
589 if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } |
589 if (verify_permission('zone_content_view_others')) { $perm_view = "all" ; } |
590 elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } |
590 elseif (verify_permission('zone_content_view_own')) { $perm_view = "own" ; } |
591 else { $perm_view = "none" ;} |
591 else { $perm_view = "none" ;} |
592 |
592 |
593 if ($perm_view == "none") { |
593 if ($perm_view == "none") { |
594 error(ERR_PERM_VIEW_ZONE); |
594 error(ERR_PERM_VIEW_ZONE); |
595 } else { |
595 } else { |
686 error(sprintf(ERR_INV_ARGC, "supermaster_exists", "No or no valid IPv4 or IPv6 address given.")); |
686 error(sprintf(ERR_INV_ARGC, "supermaster_exists", "No or no valid IPv4 or IPv6 address given.")); |
687 } |
687 } |
688 } |
688 } |
689 |
689 |
690 |
690 |
691 function get_zones($perm,$userid=0,$letterstart=all,$rowstart=0,$rowamount=999999) |
691 function get_zones($perm,$userid=0,$letterstart='all',$rowstart=0,$rowamount=999999) |
692 { |
692 { |
693 global $db; |
693 global $db; |
694 global $sql_regexp; |
694 global $sql_regexp; |
|
695 $sql_add = ''; |
695 if ($perm != "own" && $perm != "all") { |
696 if ($perm != "own" && $perm != "all") { |
696 error(ERR_PERM_VIEW_ZONE); |
697 error(ERR_PERM_VIEW_ZONE); |
697 return false; |
698 return false; |
698 } |
699 } |
699 else |
700 else |
700 { |
701 { |
701 if ($perm == "own") { |
702 if ($perm == "own") { |
702 $sql_add = " AND zones.domain_id = domains.id |
703 $sql_add = " AND zones.domain_id = domains.id |
703 AND zones.owner = ".$db->quote($userid); |
704 AND zones.owner = ".$db->quote($userid); |
704 } |
705 } |
705 if ($letterstart!=all && $letterstart!=1) { |
706 if ($letterstart!='all' && $letterstart!=1) { |
706 $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; |
707 $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; |
707 } elseif ($letterstart==1) { |
708 } elseif ($letterstart==1) { |
708 $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; |
709 $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; |
709 } |
710 } |
710 } |
711 } |
750 if ($perm == "own") { |
752 if ($perm == "own") { |
751 $sql_add = " AND zones.domain_id = domains.id |
753 $sql_add = " AND zones.domain_id = domains.id |
752 AND zones.owner = ".$db->quote($_SESSION['userid']); |
754 AND zones.owner = ".$db->quote($_SESSION['userid']); |
753 $fromTable .= ',zones'; |
755 $fromTable .= ',zones'; |
754 } |
756 } |
755 if ($letterstart!=all && $letterstart!=1) { |
757 if ($letterstart!='all' && $letterstart!=1) { |
756 $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; |
758 $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; |
757 } elseif ($letterstart==1) { |
759 } elseif ($letterstart==1) { |
758 $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; |
760 $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; |
759 } |
761 } |
760 |
762 |
826 * return values: the array with information, or -1 is nothing is found. |
828 * return values: the array with information, or -1 is nothing is found. |
827 */ |
829 */ |
828 function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999) { |
830 function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999) { |
829 global $db; |
831 global $db; |
830 if (is_numeric($id)) { |
832 if (is_numeric($id)) { |
831 if ($_SESSION[$id."_ispartial"] == 1) { |
833 if ((isset($_SESSION[$id."_ispartial"])) && ($_SESSION[$id."_ispartial"] == 1)) { |
832 $db->setLimit($rowamount, $rowstart); |
834 $db->setLimit($rowamount, $rowstart); |
833 $result = $db->query("SELECT record_owners.record_id as id |
835 $result = $db->query("SELECT record_owners.record_id as id |
834 FROM record_owners,domains,records |
836 FROM record_owners,domains,records |
835 WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"]) . " |
837 WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"]) . " |
836 AND record_owners.record_id = records.id |
838 AND record_owners.record_id = records.id |
905 |
907 |
906 global $db; |
908 global $db; |
907 |
909 |
908 $holy_grail = trim($holy_grail); |
910 $holy_grail = trim($holy_grail); |
909 |
911 |
910 if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } |
912 $sql_add_from = ''; |
911 elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } |
913 $sql_add_where = ''; |
|
914 |
|
915 $return_zones = array(); |
|
916 $return_records = array(); |
|
917 |
|
918 if (verify_permission('zone_content_view_others')) { $perm_view = "all" ; } |
|
919 elseif (verify_permission('zone_content_view_own')) { $perm_view = "own" ; } |
912 else { $perm_view = "none" ; } |
920 else { $perm_view = "none" ; } |
913 |
921 |
914 if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } |
922 if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } |
915 elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } |
923 elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } |
916 else { $perm_content_edit = "none" ; } |
924 else { $perm_content_edit = "none" ; } |
917 |
925 |
918 // Search for matching domains |
926 // Search for matching domains |
919 |
|
920 if ($perm == "own") { |
927 if ($perm == "own") { |
921 $sql_add_from = ", zones "; |
928 $sql_add_from = ", zones "; |
922 $sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($userid); |
929 $sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($userid); |
923 } |
930 } |
924 |
931 |
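Review bot: In `add_owner_to_zone()` (new line 445) and `delete_owner_from_zone()` (new line 466) the ownership test is still made against `$_GET["id"]`, while the queries that follow act on the `$zone_id` argument, so the zone being authorised and the zone being modified are the same only if every caller passes the request's `id` through unchanged. The callers are not visible here, so this may hold today, but the check should be bound to the argument and the grouping made explicit: `if (verify_permission('zone_meta_edit_others') || (verify_permission('zone_meta_edit_own') && verify_user_is_owner_zoneid($zone_id))) {`. That also avoids the undefined-index notice when `id` is absent from the query string, which fits the notice clean-up the rest of this change appears to be doing. Both function bodies continue outside the visible hunks.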