--- a/add_record.php Wed Mar 12 20:45:56 2008 +0000
+++ b/add_record.php Tue Mar 25 22:45:31 2008 +0000
@@ -20,63 +20,111 @@
*/
require_once("inc/toolkit.inc.php");
+include_once("inc/header.inc.php");
-$xsid = (isset($_GET['id'])) ? $_GET['id'] : $_POST['zoneid'];
-if ((!level(5)) && ((!xs($xsid) || ($_SESSION[$xsid.'_ispartial'])))) {
- error(ERR_RECORD_ACCESS_DENIED);
+if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; }
+elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; }
+else { $perm_view = "none" ; }
+
+if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; }
+elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; }
+else { $perm_content_edit = "none" ; }
+
+if (verify_permission(zone_meta_edit_others)) { $perm_meta_edit = "all" ; }
+elseif (verify_permission(zone_meta_edit_own)) { $perm_meta_edit = "own" ; }
+else { $perm_meta_edit = "none" ; }
+
+$zone_id = "-1";
+if ((isset($_GET['id'])) && (v_num($_GET['id']))) {
+ $zone_id = $_GET['id'];
+}
+
+$ttl = $DEFAULT_TTL;
+if ((isset($_POST['ttl'])) && (v_num($_POST['ttl']))) {
+ $ttl = $_POST['ttl'];
}
-if (isset($_POST["commit"]) && isset($_POST['zoneid']) && isset($_POST['name']) && isset($_POST['type']) && isset($_POST['content']) && isset($_POST['ttl']) && isset($_POST['prio']) ) {
- $ret = add_record($_POST["zoneid"], $_POST["name"], $_POST["type"], $_POST["content"], $_POST["ttl"], $_POST["prio"]);
- if ($ret != '1') {
- die("$ret");
- }
- clean_page("edit.php?id=".$_POST["zoneid"]);
+$prio = "10";
+if ((isset($_GET['prio'])) && (v_num($_GET['prio']))) {
+ $prio = $_GET['prio'];
+}
+
+$name = $_POST['name'];
+$type = $_POST['type'];
+$content = $_POST['content'];
+
+if ($zone_id == "-1") {
+ error(ERR_INV_INPUT);
+ include_once("inc/footer.inc.php");
+ exit;
+}
+
+$user_is_zone_owner = verify_user_is_owner_zoneid($zone_id);
+$zone_type = get_domain_type($zone_id);
+$zone_name = get_domain_name_from_id($zone_id);
+
+if ($_POST["commit"]) {
+ if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) {
+ error(ERR_PERM_ADD_RECORD);
+ } else {
+ if ( add_record($zone_id, $name, $type, $content, $ttl, $prio)) {
+ success(_('The record was succesfully added.'));
+ unset($zone_id, $name, $type, $content, $ttl, $prio);
+ }
+ }
}
-include_once("inc/header.inc.php");
-?>
-
- <h2><?php echo _('Add record to zone'); ?> "<?php echo get_domain_name_from_id($_GET["id"]) ?>"</H2>
+echo " <h2>" . _('Add record in zone') . " " . $zone_name . "</h2>\n";
- <form method="post">
- <input type="hidden" name="zoneid" value="<?php echo $_GET["id"] ?>">
- <table border="0" cellspacing="4">
- <tr>
- <td class="n"><?php echo _('Name'); ?></td>
- <td class="n"> </td>
- <td class="n"><?php echo _('Type'); ?></td>
- <td class="n"><?php echo _('Priority'); ?></td>
- <td class="n"><?php echo _('Content'); ?></td>
- <td class="n"><?php echo _('TTL'); ?></td>
- </tr>
- <tr>
- <td class="n"><input type="text" name="name" class="input">.<?php echo get_domain_name_from_id($_GET["id"]) ?></td>
- <td class="n">IN</td>
- <td class="n">
- <select name="type">
-<?php
-$dname = get_domain_name_from_id($_GET["id"]);
-foreach (get_record_types() as $c) {
- if (eregi('in-addr.arpa', $dname) && strtoupper($c) == 'PTR') {
- $add = " SELECTED";
- } elseif (strtoupper($c) == 'A') {
- $add = " SELECTED";
- } else {
- $add = '';
- }
- ?><option<?php echo $add ?> value="<?php echo $c ?>"><?php echo $c ?></option><?php
+if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) {
+ error(ERR_PERM_ADD_RECORD);
+} else {
+ echo " <form method=\"post\">\n";
+ echo " <input type=\"hidden\" name=\"domain\" value=\"" . $zone_id . "\">\n";
+ echo " <table border=\"0\" cellspacing=\"4\">\n";
+ echo " <tr>\n";
+ echo " <td class=\"n\">" . _('Name') . "</td>\n";
+ echo " <td class=\"n\"> </td>\n";
+ echo " <td class=\"n\">" . _('Type') . "</td>\n";
+ echo " <td class=\"n\">" . _('Priority') . "</td>\n";
+ echo " <td class=\"n\">" . _('Content') . "</td>\n";
+ echo " <td class=\"n\">" . _('TTL') . "</td>\n";
+ echo " </tr>\n";
+ echo " <tr>\n";
+ echo " <td class=\"n\"><input type=\"text\" name=\"name\" class=\"input\" value=\"" . $name . "\">." . $zone_name . "</td>\n";
+ echo " <td class=\"n\">IN</td>\n";
+ echo " <td class=\"n\">\n";
+ echo " <select name=\"type\">\n";
+ foreach (get_record_types() as $record_type) {
+ if ($type) {
+ if ($type == $record_type) {
+ $add = " SELECTED";
+ } else {
+ unset ($add);
+ }
+ } else {
+ if (eregi('in-addr.arpa', $zone_name) && strtoupper($record_type) == 'PTR') {
+ $add = " SELECTED";
+ } elseif (strtoupper($record_type) == 'A') {
+ $add = " SELECTED";
+ } else {
+ unset($add);
+ }
+ }
+ echo " <option" . $add . " value=\"" . $record_type . "\">" . $record_type . "</option>\n";
+ }
+ echo " </select>\n";
+ echo " </td>\n";
+ echo " <td class=\"n\"><input type=\"text\" name=\"prio\" class=\"sinput\" value=\"" . $prio . "\"></td>\n";
+ echo " <td class=\"n\"><input type=\"text\" name=\"content\" class=\"input\" value=\"" . $content . "\"></td>\n";
+ echo " <td class=\"n\"><input type=\"text\" name=\"ttl\" class=\"sinput\" value=\"" . $ttl . "\"</td>\n";
+ echo " </tr>\n";
+ echo " </table>\n";
+ echo " <br>\n";
+ echo " <input type=\"submit\" name=\"commit\" value=\"" . _('Add record') . "\" class=\"button\">\n";
+ echo " </form>\n";
}
+
+include_once("inc/footer.inc.php");
+
?>
- </select>
- </td>
- <td class="n"><input type="text" name="prio" class="sinput"></td>
- <td class="n"><input type="text" name="content" class="input"></td>
- <td class="n"><input type="text" name="ttl" class="sinput" value="<?php echo $DEFAULT_TTL?>"></td>
- </tr>
- </table>
- <br>
- <input type="submit" name="commit" value="<?php echo _('Add record'); ?>" class="button">
- </form>
-
-<?php include_once("inc/footer.inc.php"); ?>
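Review bot: The redisplayed form values in the new code are written into HTML attributes without escaping: `$name` and `$content` are taken straight from `$_POST` and echoed into `value="..."` on the name and content inputs, so a submitted value containing a double quote breaks out of the attribute and is rendered as markup (reflected XSS). Escape each value at the point of output, e.g. `value=\"" . htmlspecialchars($name, ENT_QUOTES) . "\"`, and do the same for `$content` and for `$zone_name` in the heading and the name cell. Separately, `$prio` is read from `$_GET['prio']` although the form submits it by POST, so the entered priority appears to be ignored and `add_record()` always receives "10"; `$_POST['prio']` looks intended. The echo for the ttl input is also missing the closing `>` before `</td>`.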