--- a/delete_record.php Wed Mar 12 20:45:56 2008 +0000
+++ b/delete_record.php Tue Mar 25 22:45:31 2008 +0000
@@ -20,42 +20,66 @@
*/
require_once("inc/toolkit.inc.php");
+include_once("inc/header.inc.php");
-if ($_GET["id"]) {
- // check if we have access to the given id
- $zoneId = recid_to_domid($_GET['id']);
- if ((!level(5)) && (!xs($zoneId))) {
- error(ERR_RECORD_ACCESS_DENIED);
- }
- if ((!level(5)) && ($_SESSION[$zoneId.'_ispartial'] == 1)) {
- $db->setLimit(1);
- $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id=".$db->quote($_GET["id"])." AND user_id=".$db->quote($_SESSION["userid"]));
- if (empty($checkPartial)) {
- error(ERR_RECORD_ACCESS_DENIED);
+$record_id = "-1";
+if (isset($_GET['id']) && v_num($_GET['id'])) {
+ $record_id = $_GET['id'];
+}
+
+
+$confirm = "-1";
+if ((isset($_GET['confirm']) && v_num($_GET['confirm'])
+ $confirm = $_GET['confirm'];
+}
+
+if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; }
+elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; }
+else { $perm_content_edit = "none" ; }
+
+$user_is_zone_owner = verify_user_is_owner_zoneid($_GET["domain"]);
+
+if ($record_id == "-1" ) {
+ if ($confirm == '1') {
+ if ( delete_record($record_id) ) {
+ success(SUC_RECORD_DEL);
}
- }
- if ($_GET["confirm"] == '0') {
- clean_page("edit.php?id=".$_GET["domain"]);
- } elseif ($_GET["confirm"] == '1') {
- delete_record($_GET["id"]);
- clean_page("edit.php?id=".$_GET["domain"]);
- }
- include_once("inc/header.inc.php");
- ?>
+ } else {
+ $zone_id = recid_to_domid($record_id);
+ $zone_name = get_domain_name_from_id($zone_id);
+ $user_is_zone_owner = verify_user_is_owner_zoneid($zone_id);
+ $record_info = get_record_from_id($record_id);
- <h2><?php echo _('Delete record'); ?> "<?php
- $data = get_record_from_id($_GET["id"]);
- print $data["name"]." IN ".$data["type"]." ".$data["content"];
- ?>"</h2><?php
- if (($data["type"] == "NS" && $data["name"] == get_domain_name_from_id($_GET["domain"])) || $data["type"] == "SOA") {
- print "<font class=\"warning\">" . _('You are trying to delete a record that is needed for this zone to work.') . "</font><br>";
+ echo " <h2>" . _('Delete record') . " in zone \"" . $zone_name . "\"</h2>\n";
+
+ if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) {
+ error(ERR_PERM_EDIT_RECORD);
+ } else {
+ echo " <table>\n";
+ echo " <tr>\n";
+ echo " <th>Name</th>\n";
+ echo " <th>Type</th>\n";
+ echo " <th>Content</th>\n";
+ echo " <th>Priority</th>\n";
+ echo " <th>TTL</th>\n";
+ echo " </tr>\n";
+ echo " <tr>\n";
+ echo " <td>" . $record_info['name'] . "</td>\n";
+ echo " <td>" . $record_info['type'] . "</td>\n";
+ echo " <td>" . $record_info['content'] . "</td>\n";
+ echo " <td>" . $record_info['priority'] . "</td>\n";
+ echo " <td>" . $record_info['ttl'] . "</td>\n";
+ echo " </tr>\n";
+ echo " </table>\n";
+ if (($record_info['type'] == 'NS' && $record_info['name'] == $zone_name) || $record_info['type'] == 'SOA') {
+ echo " <p>" . _('You are trying to delete a record that is needed for this zone to work.') . "</p>\n";
+ }
+ echo " <p>" . _('Are you sure?') . "</p>\n";
+ echo " <input type=\"button\" class=\"button\" OnClick=\"location.href='" . $_SERVER["REQUEST_URI"] . "&confirm=1'\" value=\"" . _('Yes') . "\">\n";
+ echo " <input type=\"button\" class=\"button\" OnClick=\"location.href='index.php'\" value=\"" . _('No') . "\">\n";
+ }
}
- ?><br><font class="warning"><?php echo _('Are you sure?'); ?></font><br><br>
- <input type="button" class="button" OnClick="location.href='<?php echo $_SERVER["REQUEST_URI"] ?>&confirm=1'" value="<?php echo _('Yes'); ?>">
- <input type="button" class="button" OnClick="location.href='<?php echo $_SERVER["REQUEST_URI"] ?>&confirm=0'" value="<?php echo _('No'); ?>">
- <?php
} else {
- include_once("inc/header.inc.php");
- echo _('Nothing to do!');
+ error(ERR_INV_INPUT);
}
include_once("inc/footer.inc.php");
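Review bot: The `$confirm == '1'` branch calls `delete_record($record_id)` before any of the new permission checks run; the `$perm_content_edit` / `$user_is_zone_owner` test sits only in the `else` branch that renders the confirmation table, so unless `delete_record()` enforces access itself (not visible here) the deletion is reachable without the edit-permission check. The outer guard `if ($record_id == "-1")` also looks inverted: as written, a validated id falls through to `error(ERR_INV_INPUT)` and the delete path runs with the sentinel `-1`, so it should presumably read `!=`. The `$confirm` validation above it is missing its closing `) {`, which is a parse error, and `$zone_type` is compared with "SLAVE" without being assigned anywhere in the hunk. Separately, the delete is still triggered by a plain GET link built from unescaped `$_SERVER["REQUEST_URI"]`, and the record fields are echoed without `htmlspecialchars()`; a POST carrying a CSRF token plus escaped output would address both. One way to order the checks so that authorization precedes both the delete and the confirmation page is sketched below.

```php
if (isset($_GET['confirm']) && v_num($_GET['confirm'])) {
    $confirm = $_GET['confirm'];
}

// … unchanged: $perm_content_edit lookup …

if ($record_id != "-1") {
    $zone_id = recid_to_domid($record_id);
    $user_is_zone_owner = verify_user_is_owner_zoneid($zone_id);

    // NOTE: $zone_type must be assigned before this test; the hunk never sets it.
    if ($zone_type == "SLAVE" || $perm_content_edit == "none"
        || ($perm_content_edit == "own" && $user_is_zone_owner == "0")) {
        error(ERR_PERM_EDIT_RECORD);
    } elseif ($confirm == '1') {
        if (delete_record($record_id)) {
            success(SUC_RECORD_DEL);
        }
    } else {
        // … unchanged: zone name lookup, record table, warning and confirmation buttons …
    }
} else {
    error(ERR_INV_INPUT);
}
```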