inc/record.inc.php
changeset 126 cb06e3e29ed8
parent 120 982f722376b4
child 127 e2c54e888f7e
125:700a3674b72e 126:cb06e3e29ed8
    92  * This function validates it if correct it inserts it into the database.
    92  * This function validates it if correct it inserts it into the database.
    93  * return values: true if succesful.
    93  * return values: true if succesful.
    94  */
    94  */
    95 function edit_record($record) {
    95 function edit_record($record) {
    96 
    96 
    97 	if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; }
    97 	if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; }
    98 	elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; }
    98 	elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; }
    99 	else { $perm_content_edit = "none" ; }
    99 	else { $perm_content_edit = "none" ; }
   100 
   100 
   101 	$user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']);
   101 	$user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']);
   102 	$zone_type = get_domain_type($record['zid']);
   102 	$zone_type = get_domain_type($record['zid']);
   103 
   103 
   146  * return values: true if succesful.
   146  * return values: true if succesful.
   147  */
   147  */
   148 function add_record($zoneid, $name, $type, $content, $ttl, $prio) {
   148 function add_record($zoneid, $name, $type, $content, $ttl, $prio) {
   149 	global $db;
   149 	global $db;
   150 
   150 
   151 	if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; }
   151 	if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; }
   152 	elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; }
   152 	elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; }
   153 	else { $perm_content_edit = "none" ; }
   153 	else { $perm_content_edit = "none" ; }
   154 
   154 
   155 	$user_is_zone_owner = verify_user_is_owner_zoneid($zoneid);
   155 	$user_is_zone_owner = verify_user_is_owner_zoneid($zoneid);
   156 	$zone_type = get_domain_type($zoneid);
   156 	$zone_type = get_domain_type($zoneid);
   157 
   157 
   262  */
   262  */
   263 function delete_record($rid)
   263 function delete_record($rid)
   264 {
   264 {
   265 	global $db;
   265 	global $db;
   266 
   266 
   267 	if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } 
   267 	if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; } 
   268 	elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } 
   268 	elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; } 
   269 	else { $perm_content_edit = "none" ; }
   269 	else { $perm_content_edit = "none" ; }
   270 
   270 
   271 	// Determine ID of zone first.
   271 	// Determine ID of zone first.
   272 	$record = get_record_details_from_record_id($rid);
   272 	$record = get_record_details_from_record_id($rid);
   273 	$user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']);
   273 	$user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']);
   299  * remember to request nextID's from the database to be able to insert record.
   299  * remember to request nextID's from the database to be able to insert record.
   300  * if anything is invalid the function will error
   300  * if anything is invalid the function will error
   301  */
   301  */
   302 function add_domain($domain, $owner, $webip, $mailip, $empty, $type, $slave_master)
   302 function add_domain($domain, $owner, $webip, $mailip, $empty, $type, $slave_master)
   303 {
   303 {
   304 	if(verify_permission(zone_master_add)) { $zone_master_add = "1" ; } ;
   304 	if(verify_permission('zone_master_add')) { $zone_master_add = "1" ; } ;
   305 	if(verify_permission(zone_slave_add)) { $zone_slave_add = "1" ; } ;
   305 	if(verify_permission('zone_slave_add')) { $zone_slave_add = "1" ; } ;
   306 
   306 
   307 	// TODO: make sure only one is possible if only one is enabled
   307 	// TODO: make sure only one is possible if only one is enabled
   308 	if($zone_master_add == "1" || $zone_slave_add == "1") {
   308 	if($zone_master_add == "1" || $zone_slave_add == "1") {
   309 
   309 
   310 		global $db;
   310 		global $db;
   392  */
   392  */
   393 function delete_domain($id)
   393 function delete_domain($id)
   394 {
   394 {
   395 	global $db;
   395 	global $db;
   396 
   396 
   397 	if (verify_permission(zone_content_edit_others)) { $perm_edit = "all" ; }
   397 	if (verify_permission('zone_content_edit_others')) { $perm_edit = "all" ; }
   398 	elseif (verify_permission(zone_content_edit_own)) { $perm_edit = "own" ; }
   398 	elseif (verify_permission('zone_content_edit_own')) { $perm_edit = "own" ; }
   399 	else { $perm_edit = "none" ; }
   399 	else { $perm_edit = "none" ; }
   400 	$user_is_zone_owner = verify_user_is_owner_zoneid($id);
   400 	$user_is_zone_owner = verify_user_is_owner_zoneid($id);
   401 
   401 
   402         if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) {    
   402         if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) {    
   403 		if (is_numeric($id)) {
   403 		if (is_numeric($id)) {
   440  * return values: true when succesful.
   440  * return values: true when succesful.
   441  */
   441  */
   442 function add_owner_to_zone($zone_id, $user_id)
   442 function add_owner_to_zone($zone_id, $user_id)
   443 {
   443 {
   444 	global $db;
   444 	global $db;
   445 	if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) {
   445 	if ( (verify_permission('zone_meta_edit_others')) || (verify_permission('zone_meta_edit_own')) && verify_user_is_owner_zoneid($_GET["id"])) {
   446 		// User is allowed to make change to meta data of this zone.
   446 		// User is allowed to make change to meta data of this zone.
   447 		if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id))
   447 		if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id))
   448 		{
   448 		{
   449 			if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) == 0)
   449 			if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) == 0)
   450 			{
   450 			{
   461 
   461 
   462 
   462 
   463 function delete_owner_from_zone($zone_id, $user_id)
   463 function delete_owner_from_zone($zone_id, $user_id)
   464 {
   464 {
   465 	global $db;
   465 	global $db;
   466 	if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) {
   466 	if ( (verify_permission('zone_meta_edit_others')) || (verify_permission('zone_meta_edit_own')) && verify_user_is_owner_zoneid($_GET["id"])) {
   467 		// User is allowed to make change to meta data of this zone.
   467 		// User is allowed to make change to meta data of this zone.
   468 		if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id))
   468 		if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id))
   469 		{
   469 		{
   470 			// TODO: Next if() required, why not just execute DELETE query?
   470 			// TODO: Next if() required, why not just execute DELETE query?
   471 			if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) != 0)
   471 			if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) != 0)
   584 	}
   584 	}
   585 }
   585 }
   586 
   586 
   587 function get_zone_info_from_id($zone_id) {
   587 function get_zone_info_from_id($zone_id) {
   588 
   588 
   589 	if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } 
   589 	if (verify_permission('zone_content_view_others')) { $perm_view = "all" ; } 
   590 	elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; }
   590 	elseif (verify_permission('zone_content_view_own')) { $perm_view = "own" ; }
   591 	else { $perm_view = "none" ;}
   591 	else { $perm_view = "none" ;}
   592 
   592 
   593 	if ($perm_view == "none") { 
   593 	if ($perm_view == "none") { 
   594 		error(ERR_PERM_VIEW_ZONE);
   594 		error(ERR_PERM_VIEW_ZONE);
   595 	} else {
   595 	} else {
   686                 error(sprintf(ERR_INV_ARGC, "supermaster_exists", "No or no valid IPv4 or IPv6 address given."));
   686                 error(sprintf(ERR_INV_ARGC, "supermaster_exists", "No or no valid IPv4 or IPv6 address given."));
   687         }
   687         }
   688 }
   688 }
   689 
   689 
   690 
   690 
   691 function get_zones($perm,$userid=0,$letterstart=all,$rowstart=0,$rowamount=999999) 
   691 function get_zones($perm,$userid=0,$letterstart='all',$rowstart=0,$rowamount=999999) 
   692 {
   692 {
   693 	global $db;
   693 	global $db;
   694 	global $sql_regexp;
   694 	global $sql_regexp;
       
   695 	$sql_add = '';
   695 	if ($perm != "own" && $perm != "all") {
   696 	if ($perm != "own" && $perm != "all") {
   696 		error(ERR_PERM_VIEW_ZONE);
   697 		error(ERR_PERM_VIEW_ZONE);
   697 		return false;
   698 		return false;
   698 	}
   699 	}
   699 	else
   700 	else
   700 	{
   701 	{
   701 		if ($perm == "own") {
   702 		if ($perm == "own") {
   702 			$sql_add = " AND zones.domain_id = domains.id
   703 			$sql_add = " AND zones.domain_id = domains.id
   703 				AND zones.owner = ".$db->quote($userid);
   704 				AND zones.owner = ".$db->quote($userid);
   704 		}
   705 		}
   705 		if ($letterstart!=all && $letterstart!=1) {
   706 		if ($letterstart!='all' && $letterstart!=1) {
   706 			$sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." ";
   707 			$sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." ";
   707 		} elseif ($letterstart==1) {
   708 		} elseif ($letterstart==1) {
   708 			$sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
   709 			$sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
   709 		}
   710 		}
   710 	}
   711 	}
   734 	}
   735 	}
   735 	return $ret;
   736 	return $ret;
   736 }
   737 }
   737 
   738 
   738 // TODO: letterstart limitation and userid permission limitiation should be applied at the same time?
   739 // TODO: letterstart limitation and userid permission limitiation should be applied at the same time?
   739 function zone_count_ng($perm, $letterstart=all) {
   740 function zone_count_ng($perm, $letterstart='all') {
   740 	global $db;
   741 	global $db;
   741 	global $sql_regexp;
   742 	global $sql_regexp;
   742 
   743 
   743 	$fromTable = 'domains';
   744 	$fromTable = 'domains';
       
   745 	$sql_add = '';
   744 
   746 
   745 	if ($perm != "own" && $perm != "all") {
   747 	if ($perm != "own" && $perm != "all") {
   746 		$zone_count = "0";
   748 		$zone_count = "0";
   747 	} 
   749 	} 
   748 	else 
   750 	else 
   750 		if ($perm == "own") {
   752 		if ($perm == "own") {
   751 			$sql_add = " AND zones.domain_id = domains.id
   753 			$sql_add = " AND zones.domain_id = domains.id
   752 					AND zones.owner = ".$db->quote($_SESSION['userid']);
   754 					AND zones.owner = ".$db->quote($_SESSION['userid']);
   753 			$fromTable .= ',zones';
   755 			$fromTable .= ',zones';
   754 		}
   756 		}
   755 		if ($letterstart!=all && $letterstart!=1) {
   757 		if ($letterstart!='all' && $letterstart!=1) {
   756 			$sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." ";
   758 			$sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." ";
   757 		} elseif ($letterstart==1) {
   759 		} elseif ($letterstart==1) {
   758 			$sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
   760 			$sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
   759 		}
   761 		}
   760 
   762 
   826  * return values: the array with information, or -1 is nothing is found.
   828  * return values: the array with information, or -1 is nothing is found.
   827  */
   829  */
   828 function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999) {
   830 function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999) {
   829 	global $db;
   831 	global $db;
   830 	if (is_numeric($id)) {
   832 	if (is_numeric($id)) {
   831 		if ($_SESSION[$id."_ispartial"] == 1) {
   833 		if ((isset($_SESSION[$id."_ispartial"])) && ($_SESSION[$id."_ispartial"] == 1)) {
   832 			$db->setLimit($rowamount, $rowstart);
   834 			$db->setLimit($rowamount, $rowstart);
   833 			$result = $db->query("SELECT record_owners.record_id as id
   835 			$result = $db->query("SELECT record_owners.record_id as id
   834 					FROM record_owners,domains,records
   836 					FROM record_owners,domains,records
   835 					WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"]) . "
   837 					WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"]) . "
   836 					AND record_owners.record_id = records.id
   838 					AND record_owners.record_id = records.id
   905 	
   907 	
   906 	global $db;
   908 	global $db;
   907 
   909 
   908 	$holy_grail = trim($holy_grail);
   910 	$holy_grail = trim($holy_grail);
   909 
   911 
   910 	if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; }
   912 	$sql_add_from = '';
   911 	elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; }
   913 	$sql_add_where = '';
       
   914 
       
   915 	$return_zones = array();
       
   916 	$return_records = array();
       
   917 
       
   918 	if (verify_permission('zone_content_view_others')) { $perm_view = "all" ; }
       
   919 	elseif (verify_permission('zone_content_view_own')) { $perm_view = "own" ; }
   912 	else { $perm_view = "none" ; }
   920 	else { $perm_view = "none" ; }
   913 
   921 
   914 	if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; }
   922 	if (verify_permission('zone_content_edit_others')) { $perm_content_edit = "all" ; }
   915 	elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; }
   923 	elseif (verify_permission('zone_content_edit_own')) { $perm_content_edit = "own" ; }
   916 	else { $perm_content_edit = "none" ; }
   924 	else { $perm_content_edit = "none" ; }
   917 
   925 
   918 	// Search for matching domains
   926 	// Search for matching domains
   919 
       
   920 	if ($perm == "own") {
   927 	if ($perm == "own") {
   921 		$sql_add_from = ", zones ";
   928 		$sql_add_from = ", zones ";
   922 		$sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($userid);
   929 		$sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($userid);
   923 	}
   930 	}
   924 	
   931
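Review bot: In add_owner_to_zone (new line 445) and delete_owner_from_zone (new line 466) the ownership test runs against `$_GET["id"]`, while the queries that follow act on the `$zone_id` argument, so the authorization decision is not bound to the zone that is actually changed. If a caller ever passes a `$zone_id` that differs from the request's `id` parameter, a user holding only `zone_meta_edit_own` could presumably alter the owners of a zone they do not own. Both conditions should check the argument instead and make the grouping explicit: `if (verify_permission('zone_meta_edit_others') || (verify_permission('zone_meta_edit_own') && verify_user_is_owner_zoneid($zone_id))) {`. The bodies of both functions continue outside the displayed hunks, so the callers and the rest of the checks are not visible here.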