[feladat @ 187]
Bugfix. Corrected field order of insert of new zones.
<?php/* PowerAdmin, a friendly web-based admin tool for PowerDNS. * See <https://rejo.zenger.nl/poweradmin> for more details. * * Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl> * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */require_once("inc/toolkit.inc.php");/* * Function to see if user has right to do something. It will check if * user has "ueberuser" bit set. If it isn't, it will check if the user has * the specific permission. It returns "false" if the user doesn't have the * right, and "true" if the user has. */functionverify_permission($permission){global$db;if((!isset($_SESSION['userid']))||(!is_object($db))){return0;}// Set current user ID.$userid=$_SESSION['userid'];// Find the template ID that this user has been assigned.$query="SELECT perm_templ FROM users WHERE id = ".$db->quote($userid);$templ_id=$db->queryOne($query);// Does this user have ueberuser rights?$query="SELECT id FROM perm_templ_items WHERE templ_id = ".$db->quote($templ_id)." AND perm_id = '53'";$result=$db->query($query);if($result->numRows()>0){return1;}// Find the permission ID for the requested permission.$query="SELECT id FROM perm_items WHERE name = ".$db->quote($permission);$perm_id=$db->queryOne($query);// Check if the permission ID is assigned to the template ID. $query="SELECT id FROM perm_templ_items WHERE templ_id = ".$db->quote($templ_id)." AND perm_id = ".$db->quote($perm_id);$result=$db->query($query);if($result->numRows()>0){return1;}else{return0;}}functionlist_permission_templates(){global$db;$query="SELECT * FROM perm_templ";$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}$template_list=array();while($template=$result->fetchRow()){$tempate_list[]=array("id"=>$template['id'],"name"=>$template['name'],"descr"=>$template['descr']);}return$tempate_list;}/* * Retrieve all users. * Its to show_users therefore the odd name. Has to be changed. * return values: an array with all users in it. */functionshow_users($id='',$rowstart=0,$rowamount=9999999){global$db;$add='';if(is_numeric($id)){//When a user id is given, it is excluded from the userlist returned.$add=" WHERE users.id!=".$db->quote($id);}// Make a huge query.$sqlq="SELECT users.id AS id, users.username AS username, users.fullname AS fullname, users.email AS email, users.description AS description, users.active AS active, users.perm_templ AS perm_templ, count(zones.owner) AS aantal FROM users LEFT JOIN zones ON users.id=zones.owner$add GROUP BY users.id, users.username, users.fullname, users.email, users.description, users.perm_templ, users.active ORDER BY users.fullname";// Execute the huge query.$db->setLimit($rowamount,$rowstart);$result=$db->query($sqlq);$ret=array();$retcount=0;while($r=$result->fetchRow()){$ret[]=array("id"=>$r["id"],"username"=>$r["username"],"fullname"=>$r["fullname"],"email"=>$r["email"],"description"=>$r["description"],"level"=>$r["level"],"active"=>$r["active"],"numdomains"=>$r["aantal"]);}return$ret;}/* * Check if the given $userid is connected to a valid user. * return values: true if user exists, false if users doesnt exist. */functionis_valid_user($id){global$db;if(is_numeric($id)){$result=$db->query("SELECT id FROM users WHERE id=".$db->quote($id));if($result->numRows()==1){returntrue;}else{returnfalse;}}}/* * Checks if a given username exists in the database. * return values: true if exists, false if not. */functionuser_exists($user){global$db;$result=$db->query("SELECT id FROM users WHERE username=".$db->quote($user));if($result->numRows()==0){returnfalse;}elseif($result->numRows()==1){returntrue;}else{error(ERR_UNKNOWN);}}/* * Delete a user from the system * return values: true if user doesnt exist. */functiondelete_user($uid,$zones){global$db;if(($uid!=$_SESSION['userid']&&!verify_permission(user_edit_others))||($uid==$_SESSION['userid']&&!verify_permission(user_edit_own))){error(ERR_PERM_DEL_USER);returnfalse;}else{if(is_array($zones)){foreach($zonesas$zone){if($zone['target']=="delete"){delete_domain($zone['zid']);}elseif($zone['target']=="new_owner"){add_owner_to_zone($zone['zid'],$zone['newowner']);}}}$query="DELETE FROM zones WHERE owner = ".$db->quote($uid);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}$query="DELETE FROM users WHERE id = ".$db->quote($uid);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}}returntrue;}/* * Edit the information of an user.. sloppy implementation with too many queries.. (2) :) * return values: true if succesful */functionedit_user($id,$user,$fullname,$email,$perm_templ,$description,$active,$password){global$db;verify_permission(user_edit_own)?$perm_edit_own="1":$perm_edit_own="0";verify_permission(user_edit_others)?$perm_edit_others="1":$perm_edit_others="0";if(($id==$_SESSION["userid"]&&$perm_edit_own=="1")||($id!=$_SESSION["userid"]&&$perm_edit_others=="1")){if(!is_valid_email($email)){error(ERR_INV_EMAIL);returnfalse;}if($active!=1){$active=0;}// Before updating the database we need to check whether the user wants to // change the username. If the user wants to change the username, we need // to make sure it doesn't already exists. //// First find the current username of the user ID we want to change. If the // current username is not the same as the username that was given by the // user, the username should apparantly changed. If so, check if the "new" // username already exists.$query="SELECT username FROM users WHERE id = ".$db->quote($id);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}$usercheck=array();$usercheck=$result->fetchRow();if($usercheck['username']!=$user){// Username of user ID in the database is different from the name// we have been given. User wants a change of username. Now, make// sure it doesn't already exist.$query="SELECT id FROM users WHERE username = ".$db->quote($user);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}if($result->numRows()>0){error(ERR_USER_EXIST);returnfalse;}}// So, user doesn't want to change username or, if he wants, there is not// another user that goes by the wanted username. So, go ahead!$query="UPDATE users SET username = ".$db->quote($user).", fullname = ".$db->quote($fullname).", email = ".$db->quote($email).", perm_templ = ".$db->quote($perm_templ).", description = ".$db->quote($description).", active = ".$db->quote($active);if($password!=""){$query.=", password = ".$db->quote(md5($password));}$query.=" WHERE id = ".$db->quote($id);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}}else{error(ERR_PERM_EDIT_USER);returnfalse;}returntrue;}/* * Change the pass of the user. * The user is automatically logged out after the pass change. * return values: none. */functionchange_user_pass($details){global$db;if($details['newpass']!=$details['newpass2']){error(ERR_USER_MATCH_NEW_PASS);returnfalse;}$query="SELECT id, password FROM users WHERE username = ".$db->quote($_SESSION["userlogin"]);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}$rinfo=$result->fetchRow();if(md5($details['currentpass'])==$rinfo['password']){$query="UPDATE users SET password = ".$db->quote(md5($details['newpass']))." WHERE id = ".$db->quote($rinfo['id']);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}logout(_('Password has been changed, please login.'));}else{error(ERR_USER_WRONG_CURRENT_PASS);returnfalse;}}/* * Get a fullname when you have a userid. * return values: gives the fullname from a userid. */functionget_fullname_from_userid($id){global$db;if(is_numeric($id)){$result=$db->query("SELECT fullname FROM users WHERE id=".$db->quote($id));$r=$result->fetchRow();return$r["fullname"];}else{error(ERR_INV_ARG);returnfalse;}}/* * Get a fullname when you have a userid. * return values: gives the fullname from a userid. */functionget_owner_from_id($id){global$db;if(is_numeric($id)){$result=$db->query("SELECT fullname FROM users WHERE id=".$db->quote($id));if($result->numRows()==1){$r=$result->fetchRow();return$r["fullname"];}else{error(ERR_USER_NOT_EXIST);}}error(ERR_INV_ARG);}/** * get_owners_from_domainid * * @todo also fetch the subowners * @param $id integer the id of the domain * @return String the list of owners for this domain */functionget_fullnames_owners_from_domainid($id){global$db;if(is_numeric($id)){$result=$db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=".$db->quote($id)." AND zones.owner=users.id ORDER by fullname");if($result->numRows()==0){return"";}else{$names=array();while($r=$result->fetchRow()){$names[]=$r['fullname'];}returnimplode(', ',$names);}}error(ERR_INV_ARG);}functionverify_user_is_owner_zoneid($zoneid){global$db;$userid=$_SESSION["userid"];if(is_numeric($zoneid)){$result=$db->query("SELECT zones.id FROM zones WHERE zones.owner = ".$db->quote($userid)." AND zones.domain_id = ".$db->quote($zoneid));if($result->numRows()==0){return"0";}else{return"1";}}error(ERR_INV_ARG);}functionget_user_detail_list($specific){global$db;$userid=$_SESSION['userid'];if(v_num($specific)){$sql_add="AND users.id = ".$db->quote($specific);}else{if(verify_permission(user_view_others)){$sql_add="";}else{$sql_add="AND users.id = ".$db->quote($userid);}}$query="SELECT users.id AS uid, username, fullname, email, description AS descr, active, perm_templ.id AS tpl_id, perm_templ.name AS tpl_name, perm_templ.descr AS tpl_descr FROM users, perm_templ WHERE users.perm_templ = perm_templ.id ".$sql_add." ORDER BY username";$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}while($user=$result->fetchRow()){$userlist[]=array("uid"=>$user['uid'],"username"=>$user['username'],"fullname"=>$user['fullname'],"email"=>$user['email'],"descr"=>$user['descr'],"active"=>$user['active'],"tpl_id"=>$user['tpl_id'],"tpl_name"=>$user['tpl_name'],"tpl_descr"=>$user['tpl_descr']);}return$userlist;}// Get a list of permissions that are available. If first argument is "0", it// should return all available permissions. If the first argument is > "0", it// should return the permissions assigned to that particular template only. If// second argument is true, only the permission names are returned.functionget_permissions_by_template_id($templ_id=0,$return_name_only=false){global$db;if($templ_id>0){$limit=", perm_templ_items WHERE perm_templ_items.templ_id = ".$db->quote($templ_id)." AND perm_templ_items.perm_id = perm_items.id";}$query="SELECT perm_items.id AS id, perm_items.name AS name, perm_items.descr AS descr FROM perm_items".$limit." ORDER BY descr";$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}$permission_list=array();while($permission=$result->fetchRow()){if($return_name_only==false){$permission_list[]=array("id"=>$permission['id'],"name"=>$permission['name'],"descr"=>$permission['descr']);}else{$permission_list[]=$permission['name'];}}return$permission_list;}// Get name and description of template based on template ID.functionget_permission_template_details($templ_id){global$db;$query="SELECT * FROM perm_templ WHERE perm_templ.id = ".$db->quote($templ_id);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}while($details=$result->fetchRow()){$detail_list[]=array("name"=>$details['name'],"descr"=>$details['descr']);}return$detail_list;}// Get a list of all available permission templates.functionget_list_permission_templates(){global$db;$query="SELECT * FROM perm_templ";$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}$perm_templ_list=array();while($perm_templ=$result->fetchRow()){$perm_templ_list[]=array("id"=>$perm_templ['id'],"name"=>$perm_templ['name'],"descr"=>$perm_templ['descr']);}return$perm_templ_list;}// Add a permission template.functionadd_perm_templ($details){global$db;// Fix permission template name and description first. $query="INSERT INTO perm_templ VALUES ( '', ".$db->quote($details['templ_name']).", ".$db->quote($details['templ_descr']).")";$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}$perm_templ_id=$db->lastInsertId('perm_templ','id');foreach($details['perm_id']AS$perm_id){$r_insert_values[]="('',".$db->quote($perm_templ_id).",".$db->quote($perm_id).")";}$query="INSERT INTO perm_templ_items VALUES ".implode(',',$r_insert_values);$result=$db->query($query);if(pear::iserror($response)){error($response->getmessage());returnfalse;}returntrue;}// Update all details of a permission template.functionupdate_perm_templ_details($details){global$db;// Fix permission template name and description first. $query="UPDATE perm_templ SET name = ".$db->quote($details['templ_name']).", descr = ".$db->quote($details['templ_descr'])." WHERE id = ".$db->quote($details['templ_id']);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}// Now, update list of permissions assigned to this template. We could do // this The Correct Way [tm] by comparing the list of permissions that are// currently assigned with a list of permissions that should be assigned and// apply the difference between these two lists to the database. That sounds // like to much work. Just delete all the permissions currently assigned to // the template, than assign all the permessions the template should have.$query="DELETE FROM perm_templ_items WHERE templ_id = ".$details['templ_id'];$result=$db->query($query);if(pear::iserror($response)){error($response->getmessage());returnfalse;}foreach($details['perm_id']AS$perm_id){$r_insert_values[]="('',".$db->quote($details['templ_id']).",".$db->quote($perm_id).")";}$query="INSERT INTO perm_templ_items VALUES ".implode(',',$r_insert_values);$result=$db->query($query);if(pear::iserror($response)){error($response->getmessage());returnfalse;}returntrue;}functionupdate_user_details($details){global$db;verify_permission(user_edit_own)?$perm_edit_own="1":$perm_edit_own="0";verify_permission(user_edit_others)?$perm_edit_others="1":$perm_edit_others="0";if(($details['uid']==$_SESSION["userid"]&&$perm_edit_own=="1")||($details['uid']!=$_SESSION["userid"]&&$perm_edit_others=="1")){if(!is_valid_email($details['email'])){error(ERR_INV_EMAIL);returnfalse;}if(!isset($details['active'])||$details['active']!="on"){$active=0;}else{$active=1;}// Before updating the database we need to check whether the user wants to // change the username. If the user wants to change the username, we need // to make sure it doesn't already exists. //// First find the current username of the user ID we want to change. If the // current username is not the same as the username that was given by the // user, the username should apparantly changed. If so, check if the "new" // username already exists.$query="SELECT username FROM users WHERE id = ".$db->quote($details['uid']);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}$usercheck=array();$usercheck=$result->fetchRow();if($usercheck['username']!=$details['username']){// Username of user ID in the database is different from the name// we have been given. User wants a change of username. Now, make// sure it doesn't already exist.$query="SELECT id FROM users WHERE username = ".$db->quote($details['username']);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}if($result->numRows()>0){error(ERR_USER_EXIST);returnfalse;}}// So, user doesn't want to change username or, if he wants, there is not// another user that goes by the wanted username. So, go ahead!$query="UPDATE users SET username = ".$db->quote($details['username']).", fullname = ".$db->quote($details['fullname']).", email = ".$db->quote($details['email']).", perm_templ = ".$db->quote($details['templ_id']).", description = ".$db->quote($details['descr']).", active = ".$db->quote($active);// TODO Check if function works if password is set too.if($details['password']!=""){$query.=", password = '".md5($db->quote($details['password']))."' ";}$query.=" WHERE id = ".$db->quote($details['uid']);$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}}else{error(ERR_PERM_EDIT_USER);returnfalse;}returntrue;}// Add a new userfunctionadd_new_user($details){global$db;if(!verify_permission(user_add_new)){error(ERR_PERM_ADD_USER);}elseif(user_exists($details['username'])){error(ERR_USER_EXISTS);}elseif(!is_valid_email($details['email'])){error(ERR_INV_EMAIL);}elseif($details['active']==1){$active=1;}else{$active=0;}$query="INSERT INTO users VALUES ( "."'', ".$db->quote($details['username']).", ".$db->quote(md5($details['password'])).", ".$db->quote($details['fullname']).", ".$db->quote($details['email']).", ".$db->quote($details['descr']).", ".$db->quote($details['perm_templ']).", ".$db->quote($active).")";$result=$db->query($query);if(PEAR::isError($response)){error($response->getMessage());returnfalse;}returntrue;}?>