| changeset 65 | ce1c4d5e1576 |
| parent 63 | d76966db18e5 |
| child 71 | e1b918eaf69a |
| 64:dab0e9deeb67 | 65:ce1c4d5e1576 |
|---|---|
35 * NOTICE: Serial number *will* be RFC1912 compilant after update |
35 * NOTICE: Serial number *will* be RFC1912 compilant after update |
36 * NOTICE: This function will allow only 100 DNS zone transfers ;-) |
36 * NOTICE: This function will allow only 100 DNS zone transfers ;-) |
37 * YYYYMMDDnn |
37 * YYYYMMDDnn |
38 */ |
38 */ |
39 |
39 |
40 $sqlq = "SELECT notified_serial FROM domains WHERE id = '".$domain_id."'"; |
40 $sqlq = "SELECT notified_serial FROM domains WHERE id = ".$db->quote($domain_id); |
41 $notified_serial = $db->queryOne($sqlq); |
41 $notified_serial = $db->queryOne($sqlq); |
42 |
42 |
43 $sqlq = "SELECT content FROM records WHERE type = 'SOA' AND domain_id = '".$domain_id."'"; |
43 $sqlq = "SELECT content FROM records WHERE type = 'SOA' AND domain_id = ".$db->quote($domain_id); |
44 $content = $db->queryOne($sqlq); |
44 $content = $db->queryOne($sqlq); |
45 $need_to_update = false; |
45 $need_to_update = false; |
46 |
46 |
47 // Getting the serial field. |
47 // Getting the serial field. |
48 $soa = explode(" ", $content); |
48 $soa = explode(" ", $content); |
99 // build new soa and update SQL after that |
99 // build new soa and update SQL after that |
100 for ($i = 0; $i < count($soa); $i++) |
100 for ($i = 0; $i < count($soa); $i++) |
101 { |
101 { |
102 $new_soa .= $soa[$i] . " "; |
102 $new_soa .= $soa[$i] . " "; |
103 } |
103 } |
104 $sqlq = "UPDATE records SET content = '".$new_soa."' WHERE domain_id = '".$domain_id."' AND type = 'SOA'"; |
104 $sqlq = "UPDATE records SET content = ".$db->quote($new_soa)." WHERE domain_id = ".$db->quote($domain_id)." AND type = 'SOA'"; |
105 $db->Query($sqlq); |
105 $db->Query($sqlq); |
106 return true; |
106 return true; |
107 } |
107 } |
108 } |
108 } |
109 |
109 |
126 } |
126 } |
127 if (is_numeric($zoneid)) |
127 if (is_numeric($zoneid)) |
128 { |
128 { |
129 validate_input($zoneid, $type, $content, $name, $prio, $ttl); |
129 validate_input($zoneid, $type, $content, $name, $prio, $ttl); |
130 $change = time(); |
130 $change = time(); |
131 $db->query("UPDATE records set name='$name', type='$type', content='$content', ttl='$ttl', prio='$prio', change_date='$change' WHERE id=$recordid"); |
131 $db->query("UPDATE records set name=".$db->quote($name).", type=".$db->quote($type).", content=".$db->quote($content).", ttl=".$db->quote($ttl).", prio=".$db->quote($prio).", change_date=".$db->quote($change)." WHERE id=".$db->quote($recordid)); |
132 |
132 |
133 /* |
133 /* |
134 * Added by DeViCeD - Update SOA Serial number |
134 * Added by DeViCeD - Update SOA Serial number |
135 * There should be more checks |
135 * There should be more checks |
136 */ |
136 */ |
155 { |
155 { |
156 error(ERR_RECORD_ACCESS_DENIED); |
156 error(ERR_RECORD_ACCESS_DENIED); |
157 } |
157 } |
158 if (is_numeric($zoneid) || is_numeric($userid) || is_numeric($recordid)) |
158 if (is_numeric($zoneid) || is_numeric($userid) || is_numeric($recordid)) |
159 { |
159 { |
160 $db->query("INSERT INTO record_owners (user_id, record_id) VALUES ('".$userid."','".$recordid."')"); |
160 $db->query("INSERT INTO record_owners (user_id, record_id) VALUES (".$db->quote($userid).", ".$db->quote($recordid).")"); |
161 return true; |
161 return true; |
162 } |
162 } |
163 else |
163 else |
164 { |
164 { |
165 error(sprintf(ERR_INV_ARGC, "add_record_owner", "at least one of the arguments is not numeric")); |
165 error(sprintf(ERR_INV_ARGC, "add_record_owner", "at least one of the arguments is not numeric")); |
173 { |
173 { |
174 error(ERR_RECORD_ACCESS_DENIED); |
174 error(ERR_RECORD_ACCESS_DENIED); |
175 } |
175 } |
176 if (is_numeric($zoneid) || is_numeric($rowid) || is_numeric($recordid)) |
176 if (is_numeric($zoneid) || is_numeric($rowid) || is_numeric($recordid)) |
177 { |
177 { |
178 $db->query("DELETE FROM record_owners WHERE id='".$rowid."' AND record_id='".$recordid."'"); |
178 $db->query("DELETE FROM record_owners WHERE id=".$db->quote($rowid)." AND record_id=".$db->quote($recordid)); |
179 return true; |
179 return true; |
180 } |
180 } |
181 else |
181 else |
182 { |
182 { |
183 error(sprintf(ERR_INV_ARGC, "delete_record_owner", "at least one of the arguments is not numeric")); |
183 error(sprintf(ERR_INV_ARGC, "delete_record_owner", "at least one of the arguments is not numeric")); |
204 |
204 |
205 // Generate new timestamp for the daemon |
205 // Generate new timestamp for the daemon |
206 $change = time(); |
206 $change = time(); |
207 |
207 |
208 // Execute query. |
208 // Execute query. |
209 $db->query("INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES ($zoneid, '$name', '$type', '$content', $ttl, '$prio', $change)"); |
209 $db->query("INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (".$db->quote($zoneid).", ".$db->quote($name).", ".$db->quote($type).", ".$db->quote($content).", ".$db->quote($ttl).", ".$db->quote($prio).", ".$db->quote($change).")"); |
210 if ($type != 'SOA') |
210 if ($type != 'SOA') |
211 { |
211 { |
212 update_soa_serial($zoneid); |
212 update_soa_serial($zoneid); |
213 } |
213 } |
214 return true; |
214 return true; |
239 { |
239 { |
240 error(sprintf(ERR_INV_ARGC, "add_supermaster", "supermaster already exists")); |
240 error(sprintf(ERR_INV_ARGC, "add_supermaster", "supermaster already exists")); |
241 } |
241 } |
242 else |
242 else |
243 { |
243 { |
244 $db->query("INSERT INTO supermasters VALUES ('$master_ip', '$ns_name', '$account')"); |
244 $db->query("INSERT INTO supermasters VALUES (".$db->quote($master_ip).", ".$db->quote($ns_name).", ".$db->quote($account).")"); |
245 return true; |
245 return true; |
246 } |
246 } |
247 } |
247 } |
248 |
248 |
249 function delete_supermaster($master_ip) |
249 function delete_supermaster($master_ip) |
253 { |
253 { |
254 error(ERR_LEVEL_5); |
254 error(ERR_LEVEL_5); |
255 } |
255 } |
256 if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) |
256 if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) |
257 { |
257 { |
258 $db->query("DELETE FROM supermasters WHERE ip = '$master_ip'"); |
258 $db->query("DELETE FROM supermasters WHERE ip = ".$db->quote($master_ip)); |
259 return true; |
259 return true; |
260 } |
260 } |
261 else |
261 else |
262 { |
262 { |
263 error(sprintf(ERR_INV_ARGC, "delete_supermaster", "No or no valid ipv4 or ipv6 address given.")); |
263 error(sprintf(ERR_INV_ARGC, "delete_supermaster", "No or no valid ipv4 or ipv6 address given.")); |
271 { |
271 { |
272 error(ERR_LEVEL_5); |
272 error(ERR_LEVEL_5); |
273 } |
273 } |
274 if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) |
274 if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) |
275 { |
275 { |
276 $result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = '$master_ip'"); |
276 $result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = ".$db->quote($master_ip)); |
277 |
277 |
278 $ret = array( |
278 $ret = array( |
279 "master_ip" => $result["ip"], |
279 "master_ip" => $result["ip"], |
280 "ns_name" => $result["nameserver"], |
280 "ns_name" => $result["nameserver"], |
281 "account" => $result["account"] |
281 "account" => $result["account"] |
318 |
318 |
319 } |
319 } |
320 if (is_numeric($id)) |
320 if (is_numeric($id)) |
321 { |
321 { |
322 $did = recid_to_domid($id); |
322 $did = recid_to_domid($id); |
323 $db->query('DELETE FROM records WHERE id=' . $id ); |
323 $db->query('DELETE FROM records WHERE id=' . $db->quote($id) ); |
324 if ($type != 'SOA') |
324 if ($type != 'SOA') |
325 { |
325 { |
326 update_soa_serial($did); |
326 update_soa_serial($did); |
327 } |
327 } |
328 // $id doesnt exist in database anymore so its deleted or just not there which means "true" |
328 // $id doesnt exist in database anymore so its deleted or just not there which means "true" |
366 // THAN |
366 // THAN |
367 // Continue this function |
367 // Continue this function |
368 if (($domain && $owner && $webip && $mailip) || ($empty && $owner && $domain) || (eregi('in-addr.arpa', $domain) && $owner) || $type=="SLAVE" && $domain && $owner && $slave_master) |
368 if (($domain && $owner && $webip && $mailip) || ($empty && $owner && $domain) || (eregi('in-addr.arpa', $domain) && $owner) || $type=="SLAVE" && $domain && $owner && $slave_master) |
369 { |
369 { |
370 // First insert zone into domain table |
370 // First insert zone into domain table |
371 $db->query("INSERT INTO domains (name, type) VALUES ('$domain', '$type')"); |
371 $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain).", ".$db->quote($type).")"); |
372 |
372 |
373 // Determine id of insert zone (in other words, find domain_id) |
373 // Determine id of insert zone (in other words, find domain_id) |
374 $iddomain = $db->lastInsertId('domains', 'id'); |
374 $iddomain = $db->lastInsertId('domains', 'id'); |
375 if (PEAR::isError($iddomain)) { |
375 if (PEAR::isError($iddomain)) { |
376 die($id->getMessage()); |
376 die($id->getMessage()); |
377 } |
377 } |
378 |
378 |
379 // Second, insert into zones tables |
379 // Second, insert into zones tables |
380 $db->query("INSERT INTO zones (domain_id, owner) VALUES ('$iddomain', $owner)"); |
380 $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($iddomain).", ".$db->quote($owner).")"); |
381 |
381 |
382 if ($type == "SLAVE") |
382 if ($type == "SLAVE") |
383 { |
383 { |
384 $db->query("UPDATE domains SET master = '$slave_master' WHERE id = '$iddomain';"); |
384 $db->query("UPDATE domains SET master = ".$db->quote($slave_master)." WHERE id = ".$db->quote($iddomain)); |
385 |
385 |
386 // Done |
386 // Done |
387 return true; |
387 return true; |
388 } |
388 } |
389 else |
389 else |
398 $ns1 = $GLOBALS["NS1"]; |
398 $ns1 = $GLOBALS["NS1"]; |
399 $hm = $GLOBALS["HOSTMASTER"]; |
399 $hm = $GLOBALS["HOSTMASTER"]; |
400 $ttl = $GLOBALS["DEFAULT_TTL"]; |
400 $ttl = $GLOBALS["DEFAULT_TTL"]; |
401 |
401 |
402 // Build and execute query |
402 // Build and execute query |
403 $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES ('$iddomain', '$domain', '$ns1 $hm 1', 'SOA', $ttl, 0, '$now')"; |
403 $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (".$db->quote($iddomain).", ".$db->quote($domain).", ".$db->quote($ns1.' '.$hm.' 1').", 'SOA', ".$db->quote($ttl).", 0, ".$db->quote($now).")"; |
404 $db->query($sql); |
404 $db->query($sql); |
405 |
405 |
406 // Done |
406 // Done |
407 return true; |
407 return true; |
408 } |
408 } |
428 if (!$ttl) |
428 if (!$ttl) |
429 { |
429 { |
430 $ttl = $GLOBALS["DEFAULT_TTL"]; |
430 $ttl = $GLOBALS["DEFAULT_TTL"]; |
431 } |
431 } |
432 |
432 |
433 $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES ('$iddomain', '$name','$content','$type','$ttl','$prio','$now')"; |
433 $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (".$db->quote($iddomain).", ".$db->quote($name).", ".$db->quote($content).", ".$db->quote($type).", ".$db->quote($ttl).", ".$db->quote($prio).", ".$db->quote($now).")"; |
434 $db->query($sql); |
434 $db->query($sql); |
435 } |
435 } |
436 } |
436 } |
437 // All done. |
437 // All done. |
438 return true; |
438 return true; |
464 } |
464 } |
465 |
465 |
466 // See if the ID is numeric. |
466 // See if the ID is numeric. |
467 if (is_numeric($id)) |
467 if (is_numeric($id)) |
468 { |
468 { |
469 $db->query("DELETE FROM zones WHERE domain_id=$id"); |
469 $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id)); |
470 $db->query("DELETE FROM domains WHERE id=$id"); |
470 $db->query("DELETE FROM domains WHERE id=".$db->quote($id)); |
471 $db->query("DELETE FROM records WHERE domain_id=$id"); |
471 $db->query("DELETE FROM records WHERE domain_id=".$db->quote($id)); |
472 // Nothing in the database. If the delete deleted 0 records it means the id is just not there. |
472 // Nothing in the database. If the delete deleted 0 records it means the id is just not there. |
473 // therefore the is no need to check the affectedRows values. |
473 // therefore the is no need to check the affectedRows values. |
474 return true; |
474 return true; |
475 } |
475 } |
476 else |
476 else |
487 function recid_to_domid($id) |
487 function recid_to_domid($id) |
488 { |
488 { |
489 global $db; |
489 global $db; |
490 if (is_numeric($id)) |
490 if (is_numeric($id)) |
491 { |
491 { |
492 $result = $db->query("SELECT domain_id FROM records WHERE id=$id"); |
492 $result = $db->query("SELECT domain_id FROM records WHERE id=".$db->quote($id)); |
493 $r = $result->fetchRow(); |
493 $r = $result->fetchRow(); |
494 return $r["domain_id"]; |
494 return $r["domain_id"]; |
495 } |
495 } |
496 else |
496 else |
497 { |
497 { |
565 error(ERR_LEVEL_5); |
565 error(ERR_LEVEL_5); |
566 } |
566 } |
567 |
567 |
568 if (is_numeric($domain) && is_numeric($newowner) && is_valid_user($newowner)) |
568 if (is_numeric($domain) && is_numeric($newowner) && is_valid_user($newowner)) |
569 { |
569 { |
570 if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=$newowner AND domain_id=$domain") == 0) |
570 if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($newowner)." AND domain_id=".$db->quote($domain)) == 0) |
571 { |
571 { |
572 $db->query("INSERT INTO zones (domain_id, owner) VALUES($domain, $newowner)"); |
572 $db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($domain).", ".$db->quote($newowner).")"); |
573 } |
573 } |
574 return true; |
574 return true; |
575 } |
575 } |
576 else |
576 else |
577 { |
577 { |
581 |
581 |
582 |
582 |
583 function delete_owner($domain, $owner) |
583 function delete_owner($domain, $owner) |
584 { |
584 { |
585 global $db; |
585 global $db; |
586 if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=$owner AND domain_id=$domain") != 0) |
586 if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($owner)." AND domain_id=".$db->quote($domain)) != 0) |
587 { |
587 { |
588 $db->query("DELETE FROM zones WHERE owner=$owner AND domain_id=$domain"); |
588 $db->query("DELETE FROM zones WHERE owner=".$db->quote($owner)." AND domain_id=".$db->quote($domain)); |
589 } |
589 } |
590 return true; |
590 return true; |
591 } |
591 } |
592 |
592 |
593 /* |
593 /* |
619 } |
619 } |
620 |
620 |
621 // Get the domain id. |
621 // Get the domain id. |
622 $domid = recid_to_domid($recid); |
622 $domid = recid_to_domid($recid); |
623 |
623 |
624 $result = $db->query("select id, type from records where domain_id=$recid and type='$type'"); |
624 $result = $db->query("select id, type from records where domain_id=".$db->quote($recid)." and type=".$db->quote($type)); |
625 return $result; |
625 return $result; |
626 } |
626 } |
627 |
627 |
628 |
628 |
629 /* |
629 /* |
633 function get_recordtype_from_id($id) |
633 function get_recordtype_from_id($id) |
634 { |
634 { |
635 global $db; |
635 global $db; |
636 if (is_numeric($id)) |
636 if (is_numeric($id)) |
637 { |
637 { |
638 $result = $db->query("SELECT type FROM records WHERE id=$id"); |
638 $result = $db->query("SELECT type FROM records WHERE id=".$db->quote($id)); |
639 $r = $result->fetchRow(); |
639 $r = $result->fetchRow(); |
640 return $r["type"]; |
640 return $r["type"]; |
641 } |
641 } |
642 else |
642 else |
643 { |
643 { |
653 function get_name_from_record_id($id) |
653 function get_name_from_record_id($id) |
654 { |
654 { |
655 global $db; |
655 global $db; |
656 if (is_numeric($id)) |
656 if (is_numeric($id)) |
657 { |
657 { |
658 $result = $db->query("SELECT name FROM records WHERE id=$id"); |
658 $result = $db->query("SELECT name FROM records WHERE id=".$db->quote($id)); |
659 $r = $result->fetchRow(); |
659 $r = $result->fetchRow(); |
660 return $r["name"]; |
660 return $r["name"]; |
661 } |
661 } |
662 else |
662 else |
663 { |
663 { |
683 $res_full = $db->query("SELECT |
683 $res_full = $db->query("SELECT |
684 domains.id AS domain_id, |
684 domains.id AS domain_id, |
685 domains.name AS name |
685 domains.name AS name |
686 FROM domains |
686 FROM domains |
687 LEFT JOIN zones ON domains.id=zones.domain_id |
687 LEFT JOIN zones ON domains.id=zones.domain_id |
688 WHERE owner=$id"); |
688 WHERE owner=".$db->quote($id)); |
689 |
689 |
690 // Process the output. |
690 // Process the output. |
691 |
691 |
692 $numrows = $res_full->numRows(); |
692 $numrows = $res_full->numRows(); |
693 $i=1; |
693 $i=1; |
708 // Create AND NOT for query of zones the user has |
708 // Create AND NOT for query of zones the user has |
709 // only partial access to. In that query we just |
709 // only partial access to. In that query we just |
710 // want to see the zones he has not full access to |
710 // want to see the zones he has not full access to |
711 // as well. |
711 // as well. |
712 |
712 |
713 $andnot.=$r["domain_id"]; |
713 $andnot.=$db->quote($r["domain_id"]); |
714 if ($i < $numrows) { |
714 if ($i < $numrows) { |
715 $andnot.=","; |
715 $andnot.=","; |
716 $i++; |
716 $i++; |
717 } |
717 } |
718 |
718 |
728 |
728 |
729 $res_partial = $db->query("SELECT DISTINCT |
729 $res_partial = $db->query("SELECT DISTINCT |
730 records.domain_id, |
730 records.domain_id, |
731 domains.name |
731 domains.name |
732 FROM records, record_owners, domains |
732 FROM records, record_owners, domains |
733 WHERE record_owners.user_id = '".$id."' |
733 WHERE record_owners.user_id = ".$db->quote($id)." |
734 AND records.id = record_owners.record_id |
734 AND records.id = record_owners.record_id |
735 AND domains.id = records.domain_id |
735 AND domains.id = records.domain_id |
736 ".$andnot.";"); |
736 ".$andnot); |
737 |
737 |
738 // Add these zones to the array as well. |
738 // Add these zones to the array as well. |
739 |
739 |
740 while ($r = $res_partial->fetchRow()) |
740 while ($r = $res_partial->fetchRow()) |
741 { |
741 { |
766 { |
766 { |
767 error(ERR_RECORD_ACCESS_DENIED); |
767 error(ERR_RECORD_ACCESS_DENIED); |
768 } |
768 } |
769 if (is_numeric($id)) |
769 if (is_numeric($id)) |
770 { |
770 { |
771 $result = $db->query("SELECT name FROM domains WHERE id=$id"); |
771 $result = $db->query("SELECT name FROM domains WHERE id=".$db->quote($id)); |
772 if ($result->numRows() == 1) |
772 if ($result->numRows() == 1) |
773 { |
773 { |
774 $r = $result->fetchRow(); |
774 $r = $result->fetchRow(); |
775 return $r["name"]; |
775 return $r["name"]; |
776 } |
776 } |
808 domains.name AS name, |
808 domains.name AS name, |
809 users.fullname AS owner, |
809 users.fullname AS owner, |
810 count(record_owners.id) AS aantal |
810 count(record_owners.id) AS aantal |
811 FROM domains, users, record_owners, records |
811 FROM domains, users, record_owners, records |
812 |
812 |
813 WHERE record_owners.user_id = ".$_SESSION["userid"]." |
813 WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." |
814 AND record_owners.record_id = records.id |
814 AND record_owners.record_id = records.id |
815 AND records.domain_id = ".$id." |
815 AND records.domain_id = ".$db->quote($id)." |
816 |
816 |
817 GROUP BY domains.name, owner, users.fullname, domains.type |
817 GROUP BY domains.name, owner, users.fullname, domains.type |
818 ORDER BY domains.name"; |
818 ORDER BY domains.name"; |
819 |
819 |
820 $result = $db->queryRow($sqlq); |
820 $result = $db->queryRow($sqlq); |
881 { |
881 { |
882 error(ERR_LEVEL_5); |
882 error(ERR_LEVEL_5); |
883 } |
883 } |
884 if (is_valid_domain($domain)) |
884 if (is_valid_domain($domain)) |
885 { |
885 { |
886 $result = $db->query("SELECT id FROM domains WHERE name='$domain'"); |
886 $result = $db->query("SELECT id FROM domains WHERE name=".$db->quote($domain)); |
887 if ($result->numRows() == 0) |
887 if ($result->numRows() == 0) |
888 { |
888 { |
889 return false; |
889 return false; |
890 } |
890 } |
891 elseif ($result->numRows() >= 1) |
891 elseif ($result->numRows() >= 1) |
930 { |
930 { |
931 error(ERR_LEVEL_5); |
931 error(ERR_LEVEL_5); |
932 } |
932 } |
933 if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) |
933 if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) |
934 { |
934 { |
935 $result = $db->query("SELECT ip FROM supermasters WHERE ip = '$master_ip'"); |
935 $result = $db->query("SELECT ip FROM supermasters WHERE ip = ".$db->quote($master_ip)); |
936 if ($result->numRows() == 0) |
936 if ($result->numRows() == 0) |
937 { |
937 { |
938 return false; |
938 return false; |
939 } |
939 } |
940 elseif ($result->numRows() >= 1) |
940 elseif ($result->numRows() >= 1) |
959 { |
959 { |
960 global $db; |
960 global $db; |
961 global $sql_regexp; |
961 global $sql_regexp; |
962 if((!level(5) || !$userid) && !level(10) && !level(5)) |
962 if((!level(5) || !$userid) && !level(10) && !level(5)) |
963 { |
963 { |
964 $add = " AND zones.owner=".$_SESSION["userid"]; |
964 $add = " AND zones.owner=".$db->quote($_SESSION["userid"]); |
965 } |
965 } |
966 else |
966 else |
967 { |
967 { |
968 $add = ""; |
968 $add = ""; |
969 } |
969 } |
975 FROM domains |
975 FROM domains |
976 LEFT JOIN zones ON domains.id=zones.domain_id |
976 LEFT JOIN zones ON domains.id=zones.domain_id |
977 LEFT JOIN records ON records.domain_id=domains.id |
977 LEFT JOIN records ON records.domain_id=domains.id |
978 WHERE 1=1 $add "; |
978 WHERE 1=1 $add "; |
979 if ($letterstart!=all && $letterstart!=1) { |
979 if ($letterstart!=all && $letterstart!=1) { |
980 $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." '^".$letterstart."' "; |
980 $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letterstart); |
981 } elseif ($letterstart==1) { |
981 } elseif ($letterstart==1) { |
982 $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; |
982 $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; |
983 } |
983 } |
984 $sqlq.=" GROUP BY domainname, domains.id |
984 $sqlq.=" GROUP BY domainname, domains.id |
985 ORDER BY domainname |
985 ORDER BY domainname"; |
986 LIMIT $rowamount OFFSET $rowstart"; |
986 |
987 |
987 $db->setLimit($rowstart, $rowamount); |
988 $result = $db->query($sqlq); |
988 $result = $db->query($sqlq); |
989 // Set limit needs to be called before each query |
|
990 $db->setLimit($rowstart, $rowamount); |
|
989 $result2 = $db->query($sqlq); |
991 $result2 = $db->query($sqlq); |
990 |
992 |
991 $numrows = $result2->numRows(); |
993 $numrows = $result2->numRows(); |
992 $i=1; |
994 $i=1; |
993 if ($numrows > 0) { |
995 if ($numrows > 0) { |
994 $andnot=" AND NOT domains.id IN ("; |
996 $andnot=" AND NOT domains.id IN ("; |
995 while($r = $result2->fetchRow()) { |
997 while($r = $result2->fetchRow()) { |
996 $andnot.=$r["domain_id"]; |
998 $andnot.=$db->quote($r["domain_id"]); |
997 if ($i < $numrows) { |
999 if ($i < $numrows) { |
998 $andnot.=","; |
1000 $andnot.=","; |
999 $i++; |
1001 $i++; |
1000 } |
1002 } |
1001 } |
1003 } |
1010 |
1012 |
1011 $sqlq = "SELECT domains.id AS domain_id, |
1013 $sqlq = "SELECT domains.id AS domain_id, |
1012 count(DISTINCT record_owners.record_id) AS aantal, |
1014 count(DISTINCT record_owners.record_id) AS aantal, |
1013 domains.name AS domainname |
1015 domains.name AS domainname |
1014 FROM domains, record_owners,records, zones |
1016 FROM domains, record_owners,records, zones |
1015 WHERE record_owners.user_id = '".$_SESSION["userid"]."' |
1017 WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." |
1016 AND (records.id = record_owners.record_id |
1018 AND (records.id = record_owners.record_id |
1017 AND domains.id = records.domain_id) |
1019 AND domains.id = records.domain_id) |
1018 $andnot |
1020 $andnot |
1019 AND domains.name LIKE '".$letterstart."%' |
1021 AND domains.name LIKE ".$db->quote($letterstart."%")." |
1020 AND (zones.domain_id != records.domain_id AND zones.owner!='".$_SESSION["userid"]."') |
1022 AND (zones.domain_id != records.domain_id AND zones.owner!=".$db->quote($_SESSION["userid"]).") |
1021 GROUP BY domainname, domains.id |
1023 GROUP BY domainname, domains.id |
1022 ORDER BY domainname"; |
1024 ORDER BY domainname"; |
1023 |
1025 |
1024 $result_extra = $db->query($sqlq); |
1026 $result_extra = $db->query($sqlq); |
1025 |
1027 |
1027 |
1029 |
1028 $sqlq = "SELECT domains.id AS domain_id, |
1030 $sqlq = "SELECT domains.id AS domain_id, |
1029 count(DISTINCT record_owners.record_id) AS aantal, |
1031 count(DISTINCT record_owners.record_id) AS aantal, |
1030 domains.name AS domainname |
1032 domains.name AS domainname |
1031 FROM domains, record_owners,records, zones |
1033 FROM domains, record_owners,records, zones |
1032 WHERE record_owners.user_id = '".$_SESSION["userid"]."' |
1034 WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." |
1033 AND (records.id = record_owners.record_id |
1035 AND (records.id = record_owners.record_id |
1034 AND domains.id = records.domain_id) |
1036 AND domains.id = records.domain_id) |
1035 $andnot |
1037 $andnot |
1036 AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]' |
1038 AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]' |
1037 AND (zones.domain_id != records.domain_id AND zones.owner!='".$_SESSION["userid"]."') |
1039 AND (zones.domain_id != records.domain_id AND zones.owner!=".$db->quote($_SESSION["userid"]).") |
1038 GROUP BY domainname, domains.id |
1040 GROUP BY domainname, domains.id |
1039 ORDER BY domainname"; |
1041 ORDER BY domainname"; |
1040 |
1042 |
1041 $result_extra[$i] = $db->query($sqlq); |
1043 $result_extra[$i] = $db->query($sqlq); |
1042 |
1044 |
1107 global $db; |
1109 global $db; |
1108 global $sql_regexp; |
1110 global $sql_regexp; |
1109 if((!level(5) || !$userid) && !level(10) && !level(5)) |
1111 if((!level(5) || !$userid) && !level(10) && !level(5)) |
1110 { |
1112 { |
1111 // First select the zones for which we have ownership on one or more records. |
1113 // First select the zones for which we have ownership on one or more records. |
1112 $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$_SESSION['userid'].' AND records.id = record_owners.record_id'; |
1114 $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$db->quote($_SESSION['userid']).' AND records.id = record_owners.record_id'; |
1113 $result = $db->query($query); |
1115 $result = $db->query($query); |
1114 $zones = array(); |
1116 $zones = array(); |
1115 if (!PEAR::isError($result)) { |
1117 if (!PEAR::isError($result)) { |
1116 $zones = $result->fetchCol(); |
1118 $zones = $result->fetchCol(); |
1117 } |
1119 } |
1118 |
1120 |
1119 $add = " AND (zones.owner=".$_SESSION["userid"]; |
1121 $add = " AND (zones.owner=".$db->quote($_SESSION["userid"]); |
1120 if (count($zones) > 0) { |
1122 if (count($zones) > 0) { |
1121 $add .= ' OR zones.domain_id IN ('.implode(',', $zones).') '; |
1123 $add .= ' OR zones.domain_id IN ('.implode(',', $zones).') '; |
1122 |
1124 |
1123 } |
1125 } |
1124 $add .= ')'; |
1126 $add .= ')'; |
1127 { |
1129 { |
1128 $add = ""; |
1130 $add = ""; |
1129 } |
1131 } |
1130 |
1132 |
1131 if ($letterstart!=all && $letterstart!=1) { |
1133 if ($letterstart!=all && $letterstart!=1) { |
1132 $add .=" AND domains.name LIKE '".$letterstart."%' "; |
1134 $add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; |
1133 } elseif ($letterstart==1) { |
1135 } elseif ($letterstart==1) { |
1134 $add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; |
1136 $add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; |
1135 } |
1137 } |
1136 |
1138 |
1137 if (level(5)) |
1139 if (level(5)) |
1154 function get_record_from_id($id) |
1156 function get_record_from_id($id) |
1155 { |
1157 { |
1156 global $db; |
1158 global $db; |
1157 if (is_numeric($id)) |
1159 if (is_numeric($id)) |
1158 { |
1160 { |
1159 $result = $db->query("SELECT id, domain_id, name, type, content, ttl, prio, change_date FROM records WHERE id=$id"); |
1161 $result = $db->query("SELECT id, domain_id, name, type, content, ttl, prio, change_date FROM records WHERE id=".$db->quote($id)); |
1160 if($result->numRows() == 0) |
1162 if($result->numRows() == 0) |
1161 { |
1163 { |
1162 return -1; |
1164 return -1; |
1163 } |
1165 } |
1164 elseif ($result->numRows() == 1) |
1166 elseif ($result->numRows() == 1) |
1197 { |
1199 { |
1198 global $db; |
1200 global $db; |
1199 if (is_numeric($id)) |
1201 if (is_numeric($id)) |
1200 { |
1202 { |
1201 if ($_SESSION[$id."_ispartial"] == 1) { |
1203 if ($_SESSION[$id."_ispartial"] == 1) { |
1202 |
1204 $db->setLimit($rowstart, $rowamount); |
1203 $result = $db->query("SELECT record_owners.record_id as id |
1205 $result = $db->query("SELECT record_owners.record_id as id |
1204 FROM record_owners,domains,records |
1206 FROM record_owners,domains,records |
1205 WHERE record_owners.user_id = ".$_SESSION["userid"]." |
1207 WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." |
1206 AND record_owners.record_id = records.id |
1208 AND record_owners.record_id = records.id |
1207 AND records.domain_id = ".$id." |
1209 AND records.domain_id = ".$db->quote($id)." |
1208 GROUP bY record_owners.record_id |
1210 GROUP bY record_owners.record_id"); |
1209 LIMIT $rowamount OFFSET $rowstart"); |
|
1210 |
1211 |
1211 $ret = array(); |
1212 $ret = array(); |
1212 if($result->numRows() == 0) |
1213 if($result->numRows() == 0) |
1213 { |
1214 { |
1214 return -1; |
1215 return -1; |
1225 } |
1226 } |
1226 return $ret; |
1227 return $ret; |
1227 } |
1228 } |
1228 |
1229 |
1229 } else { |
1230 } else { |
1230 |
1231 $db->setLimit($rowstart, $rowamount); |
1231 $result = $db->query("SELECT id FROM records WHERE domain_id=$id LIMIT $rowamount OFFSET $rowstart"); |
1232 $result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id)); |
1232 $ret = array(); |
1233 $ret = array(); |
1233 if($result->numRows() == 0) |
1234 if($result->numRows() == 0) |
1234 { |
1235 { |
1235 return -1; |
1236 return -1; |
1236 } |
1237 } |
1257 |
1258 |
1258 |
1259 |
1259 function get_users_from_domain_id($id) |
1260 function get_users_from_domain_id($id) |
1260 { |
1261 { |
1261 global $db; |
1262 global $db; |
1262 $result = $db->queryCol("SELECT owner FROM zones WHERE domain_id=$id"); |
1263 $result = $db->queryCol("SELECT owner FROM zones WHERE domain_id=".$db->quote($id)); |
1263 $ret = array(); |
1264 $ret = array(); |
1264 foreach($result as $uid) |
1265 foreach($result as $uid) |
1265 { |
1266 { |
1266 $fullname = $db->queryOne("SELECT fullname FROM users WHERE id=$uid"); |
1267 $fullname = $db->queryOne("SELECT fullname FROM users WHERE id=".$db->quote($uid)); |
1267 $ret[] = array( |
1268 $ret[] = array( |
1268 "id" => $uid, |
1269 "id" => $uid, |
1269 "fullname" => $fullname |
1270 "fullname" => $fullname |
1270 ); |
1271 ); |
1271 } |
1272 } |
1279 |
1280 |
1280 if (is_valid_search($question)) |
1281 if (is_valid_search($question)) |
1281 { |
1282 { |
1282 $sqlq = "SELECT * |
1283 $sqlq = "SELECT * |
1283 FROM records |
1284 FROM records |
1284 WHERE content LIKE '".$question."' |
1285 WHERE content LIKE ".$db->quote($question)." |
1285 OR name LIKE '".$question."' |
1286 OR name LIKE ".$db->quote($question)." |
1286 ORDER BY type DESC"; |
1287 ORDER BY type DESC"; |
1287 $result = $db->query($sqlq); |
1288 $result = $db->query($sqlq); |
1288 $ret_r = array(); |
1289 $ret_r = array(); |
1289 while ($r = $result->fetchRow()) |
1290 while ($r = $result->fetchRow()) |
1290 { |
1291 { |
1305 |
1306 |
1306 $sqlq = "SELECT domains.id, domains.name, count(records.id) AS numrec, zones.owner, records.domain_id |
1307 $sqlq = "SELECT domains.id, domains.name, count(records.id) AS numrec, zones.owner, records.domain_id |
1307 FROM domains, records, zones |
1308 FROM domains, records, zones |
1308 WHERE domains.id = records.domain_id |
1309 WHERE domains.id = records.domain_id |
1309 AND zones.domain_id = domains.id |
1310 AND zones.domain_id = domains.id |
1310 AND domains.name LIKE '".$question."' |
1311 AND domains.name LIKE ".$db->quote($question)." |
1311 GROUP BY domains.id, domains.name, zones.owner, records.domain_id"; |
1312 GROUP BY domains.id, domains.name, zones.owner, records.domain_id"; |
1312 $result = $db->query($sqlq); |
1313 $result = $db->query($sqlq); |
1313 $ret_d = array(); |
1314 $ret_d = array(); |
1314 while ($r = $result->fetchRow()) |
1315 while ($r = $result->fetchRow()) |
1315 { |
1316 { |
1335 function get_domain_type($id) |
1336 function get_domain_type($id) |
1336 { |
1337 { |
1337 global $db; |
1338 global $db; |
1338 if (is_numeric($id)) |
1339 if (is_numeric($id)) |
1339 { |
1340 { |
1340 $type = $db->queryOne("SELECT type FROM domains WHERE id = '".$id."'"); |
1341 $type = $db->queryOne("SELECT type FROM domains WHERE id = ".$db->quote($id)); |
1341 if($type == "") |
1342 if($type == "") |
1342 { |
1343 { |
1343 $type = "NATIVE"; |
1344 $type = "NATIVE"; |
1344 } |
1345 } |
1345 return $type; |
1346 return $type; |
1353 function get_domain_slave_master($id) |
1354 function get_domain_slave_master($id) |
1354 { |
1355 { |
1355 global $db; |
1356 global $db; |
1356 if (is_numeric($id)) |
1357 if (is_numeric($id)) |
1357 { |
1358 { |
1358 $slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = '".$id."'"); |
1359 $slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = ".$db->quote($id)); |
1359 return $slave_master; |
1360 return $slave_master; |
1360 } |
1361 } |
1361 else |
1362 else |
1362 { |
1363 { |
1363 error(sprintf(ERR_INV_ARG, "get_domain_slave_master", "no or no valid zoneid given")); |
1364 error(sprintf(ERR_INV_ARG, "get_domain_slave_master", "no or no valid zoneid given")); |
1375 // fiedl, but it is cleaner anyway. |
1376 // fiedl, but it is cleaner anyway. |
1376 if ($type != "SLAVE") |
1377 if ($type != "SLAVE") |
1377 { |
1378 { |
1378 $add = ", master=''"; |
1379 $add = ", master=''"; |
1379 } |
1380 } |
1380 $result = $db->query("UPDATE domains SET type = '" .$type. "'".$add." WHERE id = '".$id."'"); |
1381 $result = $db->query("UPDATE domains SET type = " .$db->quote($type). $add." WHERE id = ".$db->quote($id)); |
1381 } |
1382 } |
1382 else |
1383 else |
1383 { |
1384 { |
1384 error(sprintf(ERR_INV_ARG, "change_domain_type", "no or no valid zoneid given")); |
1385 error(sprintf(ERR_INV_ARG, "change_domain_type", "no or no valid zoneid given")); |
1385 } |
1386 } |
1390 global $db; |
1391 global $db; |
1391 if (is_numeric($id)) |
1392 if (is_numeric($id)) |
1392 { |
1393 { |
1393 if (is_valid_ip($slave_master) || is_valid_ip6($slave_master)) |
1394 if (is_valid_ip($slave_master) || is_valid_ip6($slave_master)) |
1394 { |
1395 { |
1395 $result = $db->query("UPDATE domains SET master = '" .$slave_master. "' WHERE id = '".$id."'"); |
1396 $result = $db->query("UPDATE domains SET master = " .$db->quote($slave_master). " WHERE id = ".$db->quote($id)); |
1396 } |
1397 } |
1397 else |
1398 else |
1398 { |
1399 { |
1399 error(sprintf(ERR_INV_ARGC, "change_domain_slave_master", "This is not a valid IPv4 or IPv6 address: $slave_master")); |
1400 error(sprintf(ERR_INV_ARGC, "change_domain_slave_master", "This is not a valid IPv4 or IPv6 address: $slave_master")); |
1400 } |
1401 } |