[feladat @ 84]
Bugfix. The function zone_count() now also counts zones an owner has
only partial access to, not just those zones the owner has full access
to. This fixes just the count, the zones a user has partial access to
are not (yet!) shown in the "list zones" page.
Bugfix. In the zone listing the "edit" button is now show for users
with access level 1. Untill now they were presented an overview of the
zones they could change, but there was no link for them to actually
edit the zone.
Bugfix. Some of the buttons in the "edit zone" interface that are of
no use to a user with access level 1 have been hidden.
Bugfix. Make sure a user with access level 1 with only partial access
to a zone cannot add new records to that zone. Only the zone owner
should be able to add new record.
Bugfix. If a user with access level 1 edits a record in a zone he has
only partial access to, an error was shown because of call to a non-
existing function in the PEAR:MDB2. This bug was most likely
introduced while migrating from PEAR:DB to PEAR:MDB2.
Bugfix. A user with access level 1 was able to delete all records of a
zone he has only partial access to. Some additional checks have been
added.
Bugfix. If a user with accees level 1 has partial access to one or
more zones starting with a certain character, but did not own at least
one entire zone starting with the same character, the character wasn't
clickable in the "list zone" page.
Interface. If no record or zone id is given for delete_record.php or
delete_domain.php, don't just die but echo a nice message. The i18n
files have not yet been updated to reflect this change.
Interface. If no master IP is given in delete_supermaster.php, don't
just die but echo a nice message. The i18n files have not yet been
updated to reflect this change.
[All fixes by Peter Beernink.]
<?php
// addslashes to vars if magic_quotes_gpc is off
function slash_input_data(&$data)
{
if ( is_array($data) )
{
foreach ( $data as $k => $v )
{
$data[$k] = ( is_array($v) ) ? slash_input_data($v) : addslashes($v);
}
}
return $data;
}
set_magic_quotes_runtime(0);
// If magic quotes is off, addslashes
if ( !get_magic_quotes_gpc() )
{
$_GET = slash_input_data($_GET);
$_POST = slash_input_data($_POST);
$_COOKIE = slash_input_data($_COOKIE);
}
error_reporting(E_ALL);
if(!@require_once("inc/config.inc.php"))
{
error("You have to create a config.inc.php!");
}
include_once("inc/header.inc.php");
$sup_types = array('mysql');
function error($msg=false)
{
// General function for printing critical errors.
if ($msg)
{
?>
<P><TABLE CLASS="error"><TR><TD CLASS="error"><H2><? echo _('Oops! An error occured!'); ?></H2>
<BR>
<FONT STYLE="font-weight: Bold"><?= nl2br($msg) ?><BR><BR><a href="javascript:history.go(-1)"><< back</a></FONT><BR></TABLE>
<?
die();
}
else
{
die("No error specified!");
}
}
if(isset($_POST["submit"]))
{
//$dbtype = $_POST["dbtype"];
require_once("inc/database.inc.php");
if($dbdsntype == "mysql")
{
$sqlusers = "CREATE TABLE users (
id int(11) NOT NULL auto_increment,
username varchar(16) NOT NULL default '',
password varchar(34) NOT NULL default '',
fullname varchar(255) NOT NULL default '',
email varchar(255) NOT NULL default '',
description text NOT NULL,
level tinyint(3) NOT NULL default '0',
active tinyint(1) NOT NULL default '0',
PRIMARY KEY (id)
) TYPE=InnoDB";
$sqlzones = "CREATE TABLE zones (
id int(11) NOT NULL auto_increment,
domain_id int(11) NOT NULL default '0',
owner int(11) NOT NULL default '0',
comment text,
PRIMARY KEY (id)
) TYPE=InnoDB";
$sqlrecowns = "CREATE TABLE record_owners (
id int(11) NOT NULL auto_increment,
user_id int(11) NOT NULL default '0',
record_id int(11) NOT NULL default '0',
PRIMARY KEY (id)
) TYPE=InnoDB";
}
// PGSQL Is trivial still, the relations are different.
if($dbdsntype == "pgsql")
{
$sqlusers = "CREATE TABLE users (
id SERIAL PRIMARY KEY,
username varchar(16) NOT NULL,
password varchar(255) NOT NULL,
fullname varchar(255) NOT NULL,
email varchar(255) NOT NULL,
description text NOT NULL,
level smallint DEFAULT 0,
active smallint DEFAULT 0
)";
$sqlzones = "CREATE TABLE zones (
id SERIAL PRIMARY KEY,
name varchar(255) NOT NULL,
owner smallint NOT NULL,
comment text NULL
)";
$sqlrecowns = "CREATE TABLE record_owners (
id SERIAL PRIMARY KEY,
user_id smallint NOT NULL,
record_id smallint NOT NULL
)";
}
if(!empty($_POST['login']) && !empty($_POST['password']) && !empty($_POST['fullname']) && !empty($_POST['email']))
{
// Declare default tables.
// It just tries to rough create. If it flunks.. bad a user exists or the dbase exists.
$resusers = $db->query($sqlusers);
if($db->isError($resusers))
{
error("Can not create table users in $dbdatabase");
}
$reszones = $db->query($sqlzones);
if($db->isError($reszones))
{
error("Can not create zones table in $dbdatabase");
}
$reszones = $db->query($sqlrecowns);
if($db->isError($reszones))
{
error("Can not create record_owners table in $dbdatabase");
}
$sqlinsert = "INSERT INTO
users
(username, password, fullname, email, description, level, active)
VALUES (
'". $_POST['login'] ."',
'". md5(stripslashes($_POST['password'])) ."',
'". $_POST["fullname"] ."',
'". $_POST["email"] ."',
'". $_POST["description"] ."',
10,
1)";
$resadmin = $db->query($sqlinsert);
if($db->isError($resadmin))
{
error("Can not add the admin to database $dbdatabase.users");
}
else
{
?>
<h2><? echo _('PowerAdmin has succesfully been installed.'); ?></h2>
<br />
<? echo _('Remove this file (install.php) from your webdir.'); ?><br />
<b><? echo _('WARNING'); ?>:</b> <? echo _('PowerAdmin will not work until you delete install.php'); ?><br />
<br />
<? echo _('You can click'); ?> <a href="index.php">here</a> <? echo _('to start using PowerAdmin'); ?>
</BODY></HTML>
<?php
die();
}
}
else
{
echo "<DIV CLASS=\"warning\">" . _('You didnt fill in one of the required fields!') . "</DIV>";
}
}
else
{
?>
<H2><? echo _('PowerAdmin for PowerDNS'); ?></H2>
<BR>
<B><? echo _('This config file will setup your database to be ready for PowerAdmin. Please fill in the next fields which will create an
administrator login.'); ?><BR>
<? echo _('Fields marked with a'); ?> <FONT COLOR="#FF0000">*</FONT> <? echo _('are required.'); ?>
</B><BR><BR>
<FORM METHOD="post">
<TABLE BORDER="0" CELLSPACING="4">
<TR><TD CLASS="tdbg"><? echo _('Login Name'); ?>:</TD><TD WIDTH="510" CLASS="tdbg"><INPUT TYPE="text" CLASS="input" NAME="login" VALUE=""> <FONT COLOR="#FF0000">*</FONT> </TD></TR>
<TR><TD CLASS="tdbg"><? echo _('Password'); ?>:</TD><TD WIDTH="510" CLASS="tdbg"><INPUT TYPE="password" CLASS="input" NAME="password" VALUE=""> <FONT COLOR="#FF0000">*</FONT> </TD></TR>
<TR><TD CLASS="tdbg"><? echo _('Full name'); ?>:</TD><TD WIDTH="510" CLASS="tdbg"><INPUT TYPE="text" CLASS="input" NAME="fullname" VALUE=""> <FONT COLOR="#FF0000">*</FONT> </TD></TR>
<TR><TD CLASS="tdbg"><? echo _('Email'); ?>:</TD><TD CLASS="tdbg"><INPUT TYPE="text" CLASS="input" NAME="email" VALUE=""> <FONT COLOR="#FF0000">*</FONT> </TD></TR>
<TR><TD CLASS="tdbg"><? echo _('Description'); ?>:</TD><TD CLASS="tdbg"><TEXTAREA ROWS="6" COLS="30" CLASS="inputarea" NAME="description"></TEXTAREA></TD></TR>
<TR><TD CLASS="tdbg"> </TD><TD CLASS="tdbg"><INPUT TYPE="submit" CLASS="button" NAME="submit" VALUE="<? echo _('Make Account'); ?>"></TD></TR>
</TABLE>
</FORM>
<BR><BR>
<FONT CLASS="footer"><B>PowerAdmin v1.0</B> Copyright ©2002 The
PowerAdmin Team</FONT></BODY></HTML><? } ?>