diff -r c72d6d51f3d3 -r c255196bc447 inc/record.inc.php --- a/inc/record.inc.php Wed Mar 12 20:45:56 2008 +0000 +++ b/inc/record.inc.php Tue Mar 25 22:45:31 2008 +0000 
@@ -19,86 +19,59 @@ * along with this program. If not, see . */ +function count_zone_records($zone_id) { + global $db; + $sqlq = "SELECT COUNT(id) FROM records WHERE domain_id = ".$db->quote($zone_id); + $record_count = $db->queryOne($sqlq); + return $record_count; +} + function update_soa_serial($domain_id) { - global $db; - /* - * THIS CODE ISNT TESTED THROUGH MUCH YET! - * !!!!!!! BETACODE !!!!!!!!!! - * Code committed by DeViCeD, Thanks a lot! - * Heavily hax0red by Trancer/azurazu - * - * First we have to check, wheather current searial number - * was already updated on the other nameservers. - * If field 'notified_serial' is NULL, then I guess domain is - * NATIVE and we don't have any secondary nameservers for this domain. - * NOTICE: Serial number *will* be RFC1912 compilant after update - * NOTICE: This function will allow only 100 DNS zone transfers ;-) - * YYYYMMDDnn - */ + global $db; $sqlq = "SELECT notified_serial FROM domains WHERE id = ".$db->quote($domain_id); $notified_serial = $db->queryOne($sqlq); $sqlq = "SELECT content FROM records WHERE type = 'SOA' AND domain_id = ".$db->quote($domain_id); $content = $db->queryOne($sqlq); - $need_to_update = false; - + $need_to_update = false; + // Getting the serial field. $soa = explode(" ", $content); - - if(empty($notified_serial)) - { - // Ok native replication, so we have to update. - $need_to_update = true; - } - elseif($notified_serial >= $soa[2]) - { - $need_to_update = true; - } - elseif(strlen($soa[2]) != 10) - { - $need_to_update = true; - } - else - { - $need_to_update = false; - } - if($need_to_update) - { - // Ok so we have to update it seems. - $current_serial = $soa[2]; - - /* - * What we need here (for RFC1912) is YEAR, MONTH and DAY - * so let's get it ... - */ + + if(empty($notified_serial)) { + // Ok native replication, so we have to update. 
+ $need_to_update = true; + } elseif($notified_serial >= $soa[2]) { + $need_to_update = true; + } elseif(strlen($soa[2]) != 10) { + $need_to_update = true; + } else { + $need_to_update = false; + } + + if($need_to_update) { + // Ok so we have to update it seems. + $current_serial = $soa[2]; $new_serial = date('Ymd'); // we will add revision number later - if(strncmp($new_serial, $current_serial, 8) === 0) - { - /* - * Ok, so we already made updates tonight - * let's just increase the revision number - */ - $revision_number = (int) substr($current_serial, -2); - if ($revision_number == 99) return false; // ok, we cannot update anymore tonight - ++$revision_number; - // here it is ... same date, new revision - $new_serial .= str_pad($revision_number, 2, "0", STR_PAD_LEFT); - } - else - { - /* + if(strncmp($new_serial, $current_serial, 8) === 0) { + $revision_number = (int) substr($current_serial, -2); + if ($revision_number == 99) return false; // ok, we cannot update anymore tonight + ++$revision_number; + // here it is ... same date, new revision + $new_serial .= str_pad($revision_number, 2, "0", STR_PAD_LEFT); + } else { + /* * Current serial is not RFC1912 compilant, so let's make a new one */ - $new_serial .= '00'; + $new_serial .= '00'; } - $soa[2] = $new_serial; // change serial in SOA array + $soa[2] = $new_serial; // change serial in SOA array $new_soa = ""; // build new soa and update SQL after that - for ($i = 0; $i < count($soa); $i++) - { + for ($i = 0; $i < count($soa); $i++) { $new_soa .= $soa[$i] . " "; } $sqlq = "UPDATE records SET content = ".$db->quote($new_soa)." WHERE domain_id = ".$db->quote($domain_id)." AND type = 'SOA'"; 
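Review bot: The cleanup of `update_soa_serial` removes the only description of the serial scheme, while the code still depends on it: the serial is `YYYYMMDDnn` and the function returns `false` once revision 99 has been used that day. Keep a short header such as `// Serial is YYYYMMDDnn (RFC 1912); returns false when the day's 99 revisions are used up.` so callers know the return value matters. `$soa[2]` is also read without checking that an SOA row was found, and the new `count_zone_records` has no doc comment. The function body continues past the end of the hunk.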
@@ -112,147 +85,123 @@ * This function validates it if correct it inserts it into the database. * return values: true if succesful. */ -function edit_record($recordid, $zoneid, $name, $type, $content, $ttl, $prio) -{ - global $db; - if($content == "") - { - error(ERR_RECORD_EMPTY_CONTENT); - } - // Edits the given record (validates specific stuff first) - if (!xs(recid_to_domid($recordid))) - { - error(ERR_RECORD_ACCESS_DENIED); +function edit_record($record) { + + if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } + elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + else { $perm_content_edit = "none" ; } + + $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']); + $zone_type = get_domain_type($record['zid']); + + if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) { + return _("You are not allowed to edit this record.") ; + } else { + if($record['content'] == "") { + return _("Error: content field may not be empty.") ; + } + global $db; + // TODO: no need to check for numeric-ness of zone id if we check with validate_input as well? + if (is_numeric($record['zid'])) { + validate_input($record['zid'], $record['type'], $record['content'], $record['name'], $record['prio'], $record['ttl']); + $query = "UPDATE records + SET name=".$db->quote($record['name']).", + type=".$db->quote($record['type']).", + content=".$db->quote($record['content']).", + ttl=".$db->quote($record['ttl']).", + prio=".$db->quote($record['prio']).", + change_date=".$db->quote(time())." 
+ WHERE id=".$db->quote($record['rid']); + $result = $db->Query($query); + if (PEAR::isError($result)) { + error($result->getMessage()); + return false; + } elseif ($record['type'] != 'SOA') { + update_soa_serial($record['zid']); + } + return true; + } + else + { + // TODO change to error style as above (returning directly) + error(sprintf(ERR_INV_ARGC, "edit_record", "no zoneid given")); + } } - if (is_numeric($zoneid)) - { - validate_input($zoneid, $type, $content, $name, $prio, $ttl); - $change = time(); - $db->query("UPDATE records set name=".$db->quote($name).", type=".$db->quote($type).", content=".$db->quote($content).", ttl=".$db->quote($ttl).", prio=".$db->quote($prio).", change_date=".$db->quote($change)." WHERE id=".$db->quote($recordid)); - - /* - * Added by DeViCeD - Update SOA Serial number - * There should be more checks - */ - if ($type != 'SOA') - { - update_soa_serial($zoneid); - } - return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "edit_record", "no zoneid given")); - } - + return true; } -function add_record_owner($zoneid,$userid,$recordid) -{ - global $db; - if (!xs($zoneid)) - { - error(ERR_RECORD_ACCESS_DENIED); - } - if (is_numeric($zoneid) || is_numeric($userid) || is_numeric($recordid)) - { - $db->query("INSERT INTO record_owners (user_id, record_id) VALUES (".$db->quote($userid).", ".$db->quote($recordid).")"); - return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "add_record_owner", "at least one of the arguments is not numeric")); - } -} - -function delete_record_owner($zoneid,$rowid,$recordid) -{ - global $db; - if (!xs($zoneid)) - { - error(ERR_RECORD_ACCESS_DENIED); - } - if (is_numeric($zoneid) || is_numeric($rowid) || is_numeric($recordid)) - { - $db->query("DELETE FROM record_owners WHERE id=".$db->quote($rowid)." AND record_id=".$db->quote($recordid)); - return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "delete_record_owner", "at least one of the arguments is not numeric")); - } -} - /* * Adds a record. 
* This function validates it if correct it inserts it into the database. * return values: true if succesful. */ -function add_record($zoneid, $name, $type, $content, $ttl, $prio) -{ - +function add_record($zoneid, $name, $type, $content, $ttl, $prio) { global $db; - if (!xs($zoneid)) - { - error(ERR_RECORD_ACCESS_DENIED); - } - if (is_numeric($zoneid)) - { - // Check the user input. - validate_input($zoneid, $type, $content, $name, $prio, $ttl); + + if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } + elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + else { $perm_content_edit = "none" ; } + + $user_is_zone_owner = verify_user_is_owner_zoneid($zoneid); + $zone_type = get_domain_type($zoneid); - // Generate new timestamp for the daemon - $change = time(); - - // Execute query. - $db->query("INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (".$db->quote($zoneid).", ".$db->quote($name).", ".$db->quote($type).", ".$db->quote($content).", ".$db->quote($ttl).", ".$db->quote($prio).", ".$db->quote($change).")"); - if ($type != 'SOA') - { - update_soa_serial($zoneid); + if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) { + error(ERR_PERM_ADD_RECORD); + return false; + } else { + if (validate_input($zoneid, $type, $content, $name, $prio, $ttl) ) { + $change = time(); + $query = "INSERT INTO records VALUES (''," + . $db->quote($zoneid) . "," + . $db->quote($name) . "," + . $db->quote($type) . "," + . $db->quote($content) . "," + . $db->quote($ttl) . "," + . $db->quote($prio) . "," + . $db->quote($change) . 
")"; + $response = $db->query($query); + if (PEAR::isError($response)) { + error($response->getMessage()); + return false; + } else { + if ($type != 'SOA') { update_soa_serial($zoneid); } + return true; + } + } else { + return false; } return true; } - else - { - error(sprintf(ERR_INV_ARG, "add_record")); - } } function add_supermaster($master_ip, $ns_name, $account) { global $db; - if (!is_valid_ip($master_ip) && !is_valid_ip6($master_ip)) - { - error(sprintf(ERR_INV_ARGC, "add_supermaster", "No or no valid ipv4 or ipv6 address given.")); + if (!is_valid_ip($master_ip) && !is_valid_ip6($master_ip)) { + error(ERR_DNS_IP); + return false; } - if (!is_valid_hostname($ns_name)) - { + if (!is_valid_hostname($ns_name)) { error(ERR_DNS_HOSTNAME); + return false; } - if (!validate_account($account)) - { + if (!validate_account($account)) { error(sprintf(ERR_INV_ARGC, "add_supermaster", "given account name is invalid (alpha chars only)")); + return false; } - if (supermaster_exists($master_ip)) - { - error(sprintf(ERR_INV_ARGC, "add_supermaster", "supermaster already exists")); - } - else - { + if (supermaster_exists($master_ip)) { + error(ERR_SM_EXISTS); + return false; + } else { $db->query("INSERT INTO supermasters VALUES (".$db->quote($master_ip).", ".$db->quote($ns_name).", ".$db->quote($account).")"); return true; } } -function delete_supermaster($master_ip) -{ - global $db; - if (!level(5)) - { - error(ERR_LEVEL_5); - } +function delete_supermaster($master_ip) { + global $db; if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) { $db->query("DELETE FROM supermasters WHERE ip = ".$db->quote($master_ip)); @@ -267,10 +216,6 @@ function get_supermaster_info_from_ip($master_ip) { global $db; - if (!level(5)) - { - error(ERR_LEVEL_5); - } if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) { $result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = ".$db->quote($master_ip)); 
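Review bot: In `edit_record` the permission and ownership checks are computed from the caller-supplied `$record['zid']`, but the UPDATE is keyed only on `$record['rid']`, so the authorisation decision is not bound to the row that gets written (the removed code derived the zone from the record with `recid_to_domid($recordid)`). Constrain the statement to the checked zone, e.g. `WHERE id=".$db->quote($record['rid'])." AND domain_id=".$db->quote($record['zid']);`, or look the zone id up from the record id before checking ownership. The return value of `validate_input()` is also ignored here, whereas `add_record` in the same hunk tests it, so a failed validation still reaches the UPDATE unless `validate_input()` aborts on its own. The denial paths return a translated string, which is truthy; callers that test the result as a boolean would read a refusal as success.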
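Review bot: `get_supermaster_info_from_ip` loses its `level(5)` guard here without a `verify_permission()` replacement, and the same happens to `delete_supermaster` in the previous hunk and in the `@@ -877` and `@@ -926` hunks further down. Other functions in this commit swap `level(5)` for a named permission, so these look like an oversight unless every caller enforces access itself, which is not visible from this file. If the new scheme has a permission for supermaster management (its name is not shown on this page), check it at the top of each of these functions and `return false` on refusal. The function body starts and ends outside the hunk.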
@@ -289,48 +234,57 @@ } } +function get_record_details_from_record_id($rid) { + + global $db; + + $query = "SELECT * FROM records WHERE id = " . $db->quote($rid) ; + + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + while ($r = $response->fetchRow()) { + $return[] = array( + "rid" => $r['id'], + "zid" => $r['domain_id'], + "name" => $r['name'], + "type" => $r['type'], + "content" => $r['content'], + "ttl" => $r['ttl'], + "prio" => $r['prio'], + "change_date" => $r['change_date']); + } + return $return; +} /* * Delete a record by a given id. * return values: true, this function is always succesful. */ -function delete_record($id) +function delete_record($rid) { global $db; - // Check if the user has access. - if (!xs(recid_to_domid($id))) - { - error(ERR_RECORD_ACCESS_DENIED); - } + if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } + elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + else { $perm_content_edit = "none" ; } - // Retrieve the type of record to see if we can actually remove it. - $recordtype = get_recordtype_from_id($id); + // Determine ID of zone first. + $record = get_record_details_from_record_id($rid); + $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']); - // If the record type is NS and the user tries to delete it while ALLOW_NS_EDIT is set to 0 - // OR - // check if the name of the record isnt the domain name (if so it should delete all records) - // OR - // check if we are dealing with a SOA field (same story as NS) - if (($recordtype == "NS" && $GLOBALS["ALLOW_NS_EDIT"] != 1 && (get_name_from_record_id($id) == get_domain_name_from_id(recid_to_domid($id)))) || ($recordtype == "SOA" && $GLOBALS["ALLOW_SOA_EDIT"] != 1)) - { - error(sprintf(ERR_RECORD_DELETE_TYPE_DENIED, $recordtype)); - - } - if (is_numeric($id)) - { - $did = recid_to_domid($id); - $db->query('DELETE FROM records WHERE id=' . 
$db->quote($id) ); - if ($type != 'SOA') - { - update_soa_serial($did); + if ( $perm_content_edit == "all" || ($perm_content_edit == "own" && $user_is_zone_owner == "0" )) { + if ($record['type'] == "SOA") { + error(_('You are trying to delete the SOA record. If are not allowed to remove it, unless you remove the entire zone.')); + } else { + $quote = "DELETE FROM records WHERE id = " . $db->quote($rid); + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + return true; } - // $id doesnt exist in database anymore so its deleted or just not there which means "true" - return true; - } - else - { - error(sprintf(ERR_INV_ARG, "delete_record")); + } else { + error(ERR_PERM_DEL_RECORD); + return false; } } 
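Review bot: `delete_record` never runs its DELETE: the SQL is assigned to `$quote` but `$db->query($query)` is called with an undefined variable. The own-zone branch is also inverted, since `$user_is_zone_owner == "0"` admits users who do not own the zone (`delete_domain` in this commit tests `== "1"`). `get_record_details_from_record_id()` returns a list of rows (`$return[]`), so `$record['zid']` and `$record['type']` are unset and both the ownership lookup and the SOA refusal run on empty values; the helper also returns an undefined `$return` when no row matches. The SOA serial bump after a successful delete was dropped as well. A corrected body is sketched below; the `"1"` return convention of `verify_user_is_owner_zoneid()` is inferred from its use in `delete_domain`.

```php
	// … unchanged: global $db and the $perm_content_edit lookup …
	$rows = get_record_details_from_record_id($rid);
	if (empty($rows)) {
		return false; // lookup failed or no such record
	}
	$record = $rows[0]; // the helper returns a list of rows
	$user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']);

	if ( $perm_content_edit == "all" || ($perm_content_edit == "own" && $user_is_zone_owner == "1" )) {
		// … unchanged: SOA refusal branch …
			$query = "DELETE FROM records WHERE id = " . $db->quote($rid);
			$response = $db->query($query);
			if (PEAR::isError($response)) { error($response->getMessage()); return false; }
			update_soa_serial($record['zid']);
			return true;
	// … unchanged: closing braces and the ERR_PERM_DEL_RECORD branch …
```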
@@ -348,104 +302,87 @@ */ function add_domain($domain, $owner, $webip, $mailip, $empty, $type, $slave_master) { + if(verify_permission(zone_master_add)) { $zone_master_add = "1" ; } ; + if(verify_permission(zone_slave_add)) { $zone_slave_add = "1" ; } ; - global $db; + // TODO: make sure only one is possible if only one is enabled + if($zone_master_add == "1" || $zone_master_add == "1") { - if (!level(5)) - { - error(ERR_LEVEL_5); - } + global $db; + if (($domain && $owner && $webip && $mailip) || + ($empty && $owner && $domain) || + (eregi('in-addr.arpa', $domain) && $owner) || + $type=="SLAVE" && $domain && $owner && $slave_master) { + + $response = $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain).", ".$db->quote($type).")"); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } - // If domain, owner and mailip are given - // OR - // empty is given and owner and domain - // OR - // the domain is an arpa record and owner is given - // OR - // the type is slave, domain, owner and slave_master are given - // THAN - // Continue this function - if (($domain && $owner && $webip && $mailip) || ($empty && $owner && $domain) || (eregi('in-addr.arpa', $domain) && $owner) || $type=="SLAVE" && $domain && $owner && $slave_master) - { - // First insert zone into domain table - $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain).", ".$db->quote($type).")"); + $domain_id = $db->lastInsertId('domains', 'id'); + if (PEAR::isError($domain_id)) { error($id->getMessage()); return false; } + + $response = $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($domain_id).", ".$db->quote($owner).")"); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } - // Determine id of insert zone (in other words, find domain_id) - $iddomain = $db->lastInsertId('domains', 'id'); - if (PEAR::isError($iddomain)) { - die($id->getMessage()); - } - - // Second, insert into zones 
tables - $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($iddomain).", ".$db->quote($owner).")"); - - if ($type == "SLAVE") - { - $db->query("UPDATE domains SET master = ".$db->quote($slave_master)." WHERE id = ".$db->quote($iddomain)); - - // Done - return true; - } - else - { - // Generate new timestamp. We need this one anyhow. - $now = time(); + if ($type == "SLAVE") { + $response = $db->query("UPDATE domains SET master = ".$db->quote($slave_master)." WHERE id = ".$db->quote($domain_id)); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + return true; + } else { + $now = time(); + if ($empty && $domain_id) { + $ns1 = $GLOBALS['NS1']; + $hm = $GLOBALS['HOSTMASTER']; + $ttl = $GLOBALS['DEFAULT_TTL']; - if ($empty && $iddomain) - { - // If we come into this if statement we dont want to apply templates. - // Retrieve configuration settings. - $ns1 = $GLOBALS["NS1"]; - $hm = $GLOBALS["HOSTMASTER"]; - $ttl = $GLOBALS["DEFAULT_TTL"]; + $query = "INSERT INTO records VALUES (''," + . $db->quote($domain_id) . "," + . $db->quote($domain) . "," + . $db->quote($ns1.' '.$hm.' 1') + . ",'SOA'," + . $db->quote($ttl) + . ", 0, " + . $db->quote($now).")"; + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + } elseif ($domain_id) { + global $template; - // Build and execute query - $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (".$db->quote($iddomain).", ".$db->quote($domain).", ".$db->quote($ns1.' '.$hm.' 1').", 'SOA', ".$db->quote($ttl).", 0, ".$db->quote($now).")"; - $db->query($sql); - - // Done - return true; - } - elseif ($iddomain) - { - // If we are here we want to apply templates. 
- global $template; + foreach ($template as $r) { + if ((eregi('in-addr.arpa', $domain) && ($r["type"] == "NS" || $r["type"] == "SOA")) || (!eregi('in-addr.arpa', $domain))) + { + $name = parse_template_value($r["name"], $domain, $webip, $mailip); + $type = $r["type"]; + $content = parse_template_value($r["content"], $domain, $webip, $mailip); + $ttl = $r["ttl"]; + $prio = intval($r["prio"]); - // Iterate over the template and apply it for each field. - foreach ($template as $r) - { - // Same type of if statement as previous. - if ((eregi('in-addr.arpa', $domain) && ($r["type"] == "NS" || $r["type"] == "SOA")) || (!eregi('in-addr.arpa', $domain))) - { - // Parse the template. - $name = parse_template_value($r["name"], $domain, $webip, $mailip); - $type = $r["type"]; - $content = parse_template_value($r["content"], $domain, $webip, $mailip); - $ttl = $r["ttl"]; - $prio = intval($r["prio"]); + if (!$ttl) { + $ttl = $GLOBALS["DEFAULT_TTL"]; + } - // If no ttl is given, use the default. - if (!$ttl) - { - $ttl = $GLOBALS["DEFAULT_TTL"]; + $query = "INSERT INTO records VALUES (''," + . $db->quote($domain_id) . "," + . $db->quote($name) . "," + . $db->quote($content) . "," + . $db->quote($type) . "," + . $db->quote($ttl) . "," + . $db->quote($prio) . "," + . $db->quote($now) . ")"; + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } } - - $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (".$db->quote($iddomain).", ".$db->quote($name).", ".$db->quote($content).", ".$db->quote($type).", ".$db->quote($ttl).", ".$db->quote($prio).", ".$db->quote($now).")"; - $db->query($sql); } - } - // All done. 
- return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "add_domain", "could not create zone")); - } + return true; + } else { + error(sprintf(ERR_INV_ARGC, "add_domain", "could not create zone")); + } + } + } else { + error(sprintf(ERR_INV_ARG, "add_domain")); } - } - else - { - error(sprintf(ERR_INV_ARG, "add_domain")); + } else { + error(ERR_PERM_ADD_ZONE_MASTER); + return false; } } @@ -458,24 +395,23 @@ { global $db; - if (!level(5)) - { - error(ERR_LEVEL_5); - } + if (verify_permission(zone_content_edit_others)) { $perm_edit = "all" ; } + elseif (verify_permission(zone_content_edit_own)) { $perm_edit = "own" ; } + else { $perm_edit = "none" ; } + $user_is_zone_owner = verify_user_is_owner_zoneid($id); - // See if the ID is numeric. - if (is_numeric($id)) - { - $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id)); - $db->query("DELETE FROM domains WHERE id=".$db->quote($id)); - $db->query("DELETE FROM records WHERE domain_id=".$db->quote($id)); - // Nothing in the database. If the delete deleted 0 records it means the id is just not there. - // therefore the is no need to check the affectedRows values. - return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "delete_domain", "id must be a number")); + if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) { + if (is_numeric($id)) { + $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id)); + $db->query("DELETE FROM domains WHERE id=".$db->quote($id)); + $db->query("DELETE FROM records WHERE domain_id=".$db->quote($id)); + return true; + } else { + error(sprintf(ERR_INV_ARGC, "delete_domain", "id must be a number")); + return false; + } + } else { + error(ERR_PERM_DEL_ZONE); } } 
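Review bot: The permission gate in `add_domain` tests `$zone_master_add` twice (`$zone_master_add == "1" || $zone_master_add == "1"`), so `$zone_slave_add` is never consulted and both variables are undefined when the permission is absent. As written, a user holding only the slave-add permission is refused and a user holding only master-add may create `SLAVE` zones. Initialise both flags to `"0"` and gate on the requested type, e.g. `if (($type == "SLAVE" && $zone_slave_add == "1") || ($type != "SLAVE" && $zone_master_add == "1")) {`. Separately, `error($id->getMessage())` after `lastInsertId()` dereferences an undefined `$id` (should be `$domain_id`). The positional `INSERT INTO records VALUES ('', …)` statements here list content before type while `add_record` lists type before content, so one of the two orders cannot match the table; naming the columns as the removed code did avoids that.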
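Review bot: The refusal branch of `delete_domain` calls `error(ERR_PERM_DEL_ZONE)` without the `return false` that the other refusal branches added in this commit use, so the function falls through with no return value if `error()` does not halt. The three DELETE results are also unchecked, unlike the `PEAR::isError()` handling added elsewhere; a failure after the first statement leaves the zone half removed. Add `return false;` after the `error()` call and test each `$db->query()` result before continuing. Whether `zone_content_edit_*` is the intended permission for deleting a whole zone is worth confirming; the function header is outside the hunk.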
@@ -501,93 +437,50 @@ /* - * Sorts a zone by records. - * return values: the sorted zone. - */ -function sort_zone($records) -{ - $ar_so = array(); - $ar_ns = array(); - $ar_mx = array(); - $ar_mb = array(); - $ar_ur = array(); - $ar_ov = array(); - foreach ($records as $c) - { - switch(strtoupper($c['type'])) - { - case "SOA": - $ar_so[] = $c; - break; - case "NS": - $ar_ns[] = $c; - break; - case "MX": - $ar_mx[] = $c; - break; - case "MBOXFW": - $ar_mb[] = $c; - break; - case "URL": - $ar_ur[] = $c; - break; - default: - $ar_ov[] = $c; - break; - } - } - - $res = array_merge($ar_so, $ar_ns, $ar_mx, $ar_mb, $ar_ur, $ar_ov); - - if (count($records) == count($res)) - { - $records = $res; - } - else - { - error(sprintf(ERR_INV_ARGC, "sort_zone", "records sorting failed!")); - } - return $records; -} - - -/* * Change owner of a domain. - * Function should actually be in users.inc.php. But its more of a record modification than a user modification * return values: true when succesful. */ -function add_owner($domain, $newowner) +function add_owner_to_zone($zone_id, $user_id) { global $db; - - if (!level(5)) - { - error(ERR_LEVEL_5); - } - - if (is_numeric($domain) && is_numeric($newowner) && is_valid_user($newowner)) - { - if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($newowner)." AND domain_id=".$db->quote($domain)) == 0) + if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) { + // User is allowed to make change to meta data of this zone. + if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) { - $db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($domain).", ".$db->quote($newowner).")"); + if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." 
AND domain_id=".$db->quote($zone_id)) == 0) + { + $db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($zone_id).", ".$db->quote($user_id).")"); + } + return true; + } else { + error(sprintf(ERR_INV_ARGC, "add_owner_to_zone", "$zone_id / $user_id")); } - return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "change_owner", "$domain / $newowner")); + } else { + return false; } } -function delete_owner($domain, $owner) +function delete_owner_from_zone($zone_id, $user_id) { global $db; - if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($owner)." AND domain_id=".$db->quote($domain)) != 0) - { - $db->query("DELETE FROM zones WHERE owner=".$db->quote($owner)." AND domain_id=".$db->quote($domain)); + if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) { + // User is allowed to make change to meta data of this zone. + if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) + { + // TODO: Next if() required, why not just execute DELETE query? + if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) != 0) + { + $db->query("DELETE FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)); + } + return true; + } else { + error(sprintf(ERR_INV_ARGC, "delete_owner_from_zone", "$zone_id / $user_id")); + } + } else { + return false; } - return true; + } /* 
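Review bot: Both `add_owner_to_zone` and `delete_owner_from_zone` check ownership with `verify_user_is_owner_zoneid($_GET["id"])` instead of the `$zone_id` argument they go on to modify, so the authorisation is tied to a request parameter rather than to the zone being changed. Use the argument: `verify_user_is_owner_zoneid($zone_id)`. Explicit parentheses around the `&&` half of the condition would make the intended grouping obvious, and the invalid-argument branches should `return false` after `error()` like the refusal branch does.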
@@ -653,130 +546,37 @@ function get_name_from_record_id($id) { global $db; - if (is_numeric($id)) - { + if (is_numeric($id)) { $result = $db->query("SELECT name FROM records WHERE id=".$db->quote($id)); $r = $result->fetchRow(); return $r["name"]; - } - else - { + } else { error(sprintf(ERR_INV_ARG, "get_name_from_record_id")); } } /* - * Get all the domains from a database of which the user is the owner. - * return values: an array with the id of the domain and its name. - */ -function get_domains_from_userid($id) -{ - global $db; - if (is_numeric($id)) - { - $a_zones = array(); - - // Check for zones the user has full access for (the - // user is owner of the zone. - - $res_full = $db->query("SELECT - domains.id AS domain_id, - domains.name AS name - FROM domains - LEFT JOIN zones ON domains.id=zones.domain_id - WHERE owner=".$db->quote($id)); - - // Process the output. - - $numrows = $res_full->numRows(); - $i=1; - if ($numrows > 0) - { - $andnot=" AND NOT domains.id IN ("; - while($r = $res_full->fetchRow()) { - - // Create array of zone id's and name's the owner - // has full access to. - - $a_zones[] = array( - "id" => $r["domain_id"], - "name" => $r["name"], - "partial" => "0" - ); - - // Create AND NOT for query of zones the user has - // only partial access to. In that query we just - // want to see the zones he has not full access to - // as well. - - $andnot.=$db->quote($r["domain_id"]); - if ($i < $numrows) { - $andnot.=","; - $i++; - } - - } - $andnot.=")"; - } - else - { - $andnot=""; - } - - // Check for zones the user has partial access only to. - - $res_partial = $db->query("SELECT DISTINCT - records.domain_id, - domains.name - FROM records, record_owners, domains - WHERE record_owners.user_id = ".$db->quote($id)." - AND records.id = record_owners.record_id - AND domains.id = records.domain_id - ".$andnot); - - // Add these zones to the array as well. 
- - while ($r = $res_partial->fetchRow()) - { - $a_zones[] = array( - "id" => $r["domain_id"], - "name" => $r["name"], - "partial" => "1" - ); - } - - return $a_zones; - } - else - { - error(sprintf(ERR_INV_ARGC, "get_domains_from_userid", "This is not a valid userid: $id")); - } -} - - -/* * Get domain name from a given id * return values: the name of the domain associated with the id. */ function get_domain_name_from_id($id) { global $db; - if (!xs($id)) - { - error(ERR_RECORD_ACCESS_DENIED); - } + if (is_numeric($id)) { $result = $db->query("SELECT name FROM domains WHERE id=".$db->quote($id)); - if ($result->numRows() == 1) - { + $rows = $result->numRows() ; + if ($rows == 1) { $r = $result->fetchRow(); return $r["name"]; - } - else - { + } elseif ($rows == "0") { + error(sprintf("Zone does not exist.")); + return false; + } else { error(sprintf(ERR_INV_ARGC, "get_domain_name_from_id", "more than one domain found?! whaaa! BAD! BAD! Contact admin!")); + return false; } } else 
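Review bot: `get_domain_name_from_id` drops the `xs($id)` access check with no replacement, so the lookup now relies entirely on its callers for authorisation; confirm each call site checks the zone first, or add the new-style permission test here. In the same function `$result` goes straight to `numRows()` without the `PEAR::isError()` test this commit adds elsewhere, which turns a failed query into a fatal call on an error object. `error(sprintf("Zone does not exist."))` has no format arguments and bypasses `_()`; `error(_("Zone does not exist."))` matches the messages added in `edit_record`. The closing branch of the function lies outside the hunk.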
@@ -785,86 +585,34 @@ } } - -/* - * Get information about a domain name from a given domain id. - * the function looks up the domainname, the owner of the domain and the number of records in it. - * return values: an array containing the information. - */ -function get_domain_info_from_id($id) -{ - global $db; - if (!xs($id)) - { - error(ERR_RECORD_ACCESS_DENIED); - } - if (is_numeric($id)) - { +function get_zone_info_from_id($zone_id) { - if ($_SESSION[$id."_ispartial"] == 1) { - - $sqlq = "SELECT - domains.type AS type, - domains.name AS name, - users.fullname AS owner, - count(record_owners.id) AS aantal - FROM domains, users, record_owners, records - - WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." - AND record_owners.record_id = records.id - AND records.domain_id = ".$db->quote($id)." + if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } + elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } + else { $perm_view = "none" ;} - GROUP BY domains.name, owner, users.fullname, domains.type - ORDER BY domains.name"; - - $result = $db->queryRow($sqlq); + if ($perm_view == "none") { + error(ERR_PERM_VIEW_ZONE); + } else { + global $db; - $ret = array( - "name" => $result["name"], - "ownerid" => $_SESSION["userid"], - "owner" => $result["owner"], - "type" => $result["type"], - "numrec" => $result["aantal"] - ); - - return $ret; + $query = "SELECT domains.type AS type, + domains.name AS name, + domains.master AS master_ip, + count(records.domain_id) AS record_count + FROM domains, records + WHERE domains.id = " . $db->quote($zone_id) . " + AND domains.id = records.domain_id + GROUP BY domains.id"; - } else{ - - // Query that retrieves the information we need. 
- $sqlq = "SELECT - domains.type AS type, - domains.name AS name, - min(zones.owner) AS ownerid, - users.fullname AS owner, - count(records.domain_id) AS aantal - FROM domains - LEFT JOIN records ON domains.id=records.domain_id - LEFT JOIN zones ON domains.id=zones.domain_id - LEFT JOIN users ON zones.owner=users.id - WHERE domains.id=$id - GROUP BY domains.name, owner, users.fullname, domains.type, zones.id - ORDER BY zones.id"; - - // Put the first occurence in an array and return it. - $result = $db->queryRow($sqlq); - - //$result["ownerid"] = ($result["ownerid"] == NULL) ? $db->queryOne("select min(id) from users where users.level=10") : $result["ownerid"]; - - $ret = array( - "name" => $result["name"], - "ownerid" => $result["ownerid"], - "owner" => $result["owner"], - "type" => $result["type"], - "numrec" => $result["aantal"] - ); - return $ret; - } - - } - else - { - error(sprintf(ERR_INV_ARGC, "get_domain_num_records_from_id", "This is not a valid domainid: $id")); + $response = $db->queryRow($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + $return = array( + "name" => $response['name'], + "type" => $response['type'], + "master_ip" => $response['master_ip'], + "record_count" => $response['record_count']); + return $return; } } @@ -877,24 +625,14 @@ { global $db; - if (!level(5)) - { - error(ERR_LEVEL_5); - } - if (is_valid_domain($domain)) - { + if (is_valid_domain($domain)) { $result = $db->query("SELECT id FROM domains WHERE name=".$db->quote($domain)); - if ($result->numRows() == 0) - { + if ($result->numRows() == 0) { return false; - } - elseif ($result->numRows() >= 1) - { + } elseif ($result->numRows() >= 1) { return true; } - } - else - { + } else { error(ERR_DOMAIN_INVALID); } } 
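Review bot: `get_zone_info_from_id` computes `$perm_view` as "all", "own" or "none" but only rejects "none", so a user limited to their own zones can read the details of any zone id. Extend the guard, e.g. `if ($perm_view == "none" || ($perm_view == "own" && verify_user_is_owner_zoneid($zone_id) != "1")) {`, and `return false` after `error(ERR_PERM_VIEW_ZONE)`. The query also replaces the old `LEFT JOIN` with an inner join on `records`, so a zone that has no records yet returns no row and the result array is built from an empty response. The `!= "1"` comparison assumes the helper's return convention seen in `delete_domain`.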
@@ -902,17 +640,16 @@ function get_supermasters() { global $db; - $result = $db->query("SELECT ip, nameserver, account FROM supermasters"); + + $result = $db->query("SELECT ip, nameserver, account FROM supermasters"); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + $ret = array(); - if($result->numRows() == 0) - { + if($result->numRows() == 0) { return -1; - } - else - { - while ($r = $result->fetchRow()) - { + } else { + while ($r = $result->fetchRow()) { $ret[] = array( "master_ip" => $r["ip"], "ns_name" => $r["nameserver"], @@ -926,10 +663,6 @@ function supermaster_exists($master_ip) { global $db; - if (!level(5)) - { - error(ERR_LEVEL_5); - } if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) { $result = $db->query("SELECT ip FROM supermasters WHERE ip = ".$db->quote($master_ip)); 
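Review bot: The new error check in `get_supermasters` tests `$response`, which is never assigned; the query result is in `$result`, so a failed query is not caught and `$result->numRows()` is then called on the error object. Change it to `if (PEAR::isError($result)) { error($result->getMessage()); return false; }`. The function body continues past the end of the hunk.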
@@ -949,206 +682,92 @@ } -/* - * Get all domains from the database - * This function gets all the domains from the database unless a user id is below 5. - * if a user id is below 5 this function will only retrieve records for that user. - * return values: the array of domains or -1 if nothing is found. - */ -function get_domains($userid=true,$letterstart='all',$rowstart=0,$rowamount=999999) +function get_zones($perm,$userid=0,$letterstart=all,$rowstart=0,$rowamount=999999) { global $db; global $sql_regexp; - if((!level(5) || !$userid) && !level(10) && !level(5)) - { - $add = " AND zones.owner=".$db->quote($_SESSION["userid"]); + if ($perm != "own" && $perm != "all") { + error(ERR_PERM_VIEW_ZONE); + return false; } else { - $add = ""; + if ($perm == "own") { + $sql_add = " AND zones.domain_id = domains.id + AND zones.owner = ".$db->quote($userid); + } + if ($letterstart!=all && $letterstart!=1) { + $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; + } elseif ($letterstart==1) { + $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; + } } - - $sqlq = "SELECT domains.id AS domain_id, - min(zones.owner) AS owner, - count(DISTINCT records.id) AS aantal, - domains.name AS domainname - FROM domains - LEFT JOIN zones ON domains.id=zones.domain_id - LEFT JOIN records ON records.domain_id=domains.id - WHERE 1=1 $add "; - if ($letterstart!='all' && $letterstart!=1) { - $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letterstart); - } elseif ($letterstart==1) { - $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; - } - $sqlq.=" GROUP BY domainname, domains.id - ORDER BY domainname"; - + + $sqlq = "SELECT domains.id, + domains.name, + domains.type, + COUNT(DISTINCT records.id) AS count_records + FROM domains + LEFT JOIN zones ON domains.id=zones.domain_id + LEFT JOIN records ON records.domain_id=domains.id + WHERE 1=1".$sql_add." 
+ GROUP BY domains.name, domains.id + ORDER BY domains.name"; + $db->setLimit($rowamount, $rowstart); $result = $db->query($sqlq); - // Set limit needs to be called before each query - $db->setLimit($rowamount, $rowstart); - $result2 = $db->query($sqlq); - - $numrows = $result2->numRows(); - $i=1; - if ($numrows > 0) { - $andnot=" AND NOT domains.id IN ("; - while($r = $result2->fetchRow()) { - $andnot.=$db->quote($r["domain_id"]); - if ($i < $numrows) { - $andnot.=","; - $i++; - } - } - $andnot.=")"; - } - else - { - $andnot=""; - } - - if ($letterstart!='all' && $letterstart!=1) { - - $sqlq = "SELECT domains.id AS domain_id, - count(DISTINCT record_owners.record_id) AS aantal, - domains.name AS domainname - FROM domains, record_owners,records, zones - WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." - AND (records.id = record_owners.record_id - AND domains.id = records.domain_id) - $andnot - AND domains.name LIKE ".$db->quote($letterstart."%")." - AND (zones.domain_id != records.domain_id AND zones.owner!=".$db->quote($_SESSION["userid"]).") - GROUP BY domainname, domains.id - ORDER BY domainname"; - - $result_extra = $db->query($sqlq); - - } else { - - $sqlq = "SELECT domains.id AS domain_id, - count(DISTINCT record_owners.record_id) AS aantal, - domains.name AS domainname - FROM domains, record_owners,records, zones - WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." - AND (records.id = record_owners.record_id - AND domains.id = records.domain_id) - $andnot"; - if ($letterstart != 'all') { - $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; - } - $sqlq .= "AND (zones.domain_id != records.domain_id AND zones.owner!=".$db->quote($_SESSION["userid"]).") - GROUP BY domainname, domains.id - ORDER BY domainname"; - - $result_extra[$i] = $db->query($sqlq); - - } while($r = $result->fetchRow()) { - $r["owner"] = ($r["owner"] == NULL) ? 
$db->queryOne("select min(id) from users where users.level=10") : $r["owner"]; - $ret[$r["domainname"]] = array( - "name" => $r["domainname"], - "id" => $r["domain_id"], - "owner" => $r["owner"], - "numrec" => $r["aantal"] - ); + $ret[$r["name"]] = array( + "id" => $r["id"], + "name" => $r["name"], + "type" => $r["type"], + "count_records" => $r["count_records"] + ); } - - - if ($letterstart!='all' && $letterstart!=1) { - - while($r = $result_extra->fetchRow()) - { - $ret[$r["domainname"]] = array( - "name" => $r["domainname"]."*", - "id" => $r["domain_id"], - "owner" => $_SESSION["userid"], - "numrec" => $r["aantal"] - ); - $_SESSION["partial_".$r["domainname"]] = 1; - } - - } else { - - foreach ($result_extra as $result_e) { - while($r = $result_e->fetchRow()) - { - $ret[$r["domainname"]] = array( - "name" => $r["domainname"]."*", - "id" => $r["domain_id"], - "owner" => $_SESSION["userid"], - "numrec" => $r["aantal"] - ); - $_SESSION["partial_".$r["domainname"]] = 1; - } - } - - } - - if (empty($ret)) { - return -1; - } else { - sort($ret); - return $ret; - } - + return $ret; } - -/* - * zone_count - * Does a select query to count how many zones we have in the database - * - * @todo: see whether or not it is possible to add the records - * @param $userid integer The userid of the current user - * @return integer the number of zones - */ - -function zone_count($userid=true, $letterstart='all') { - global $db; +// TODO: letterstart limitation and userid permission limitiation should be applied at the same time? +function zone_count_ng($perm, $letterstart=all) { + global $db; global $sql_regexp; - if((!level(5) || !$userid) && !level(10) && !level(5)) - { - // First select the zones for which we have ownership on one or more records. - $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$db->quote($_SESSION['userid']).' 
AND records.id = record_owners.record_id'; - $result = $db->query($query); - $zones = array(); - if (!PEAR::isError($result)) { - $zones = $result->fetchCol(); + if ($perm != "own" && $perm != "all") { + $zone_count = "0"; + } + else + { + if ($perm == "own") { + $sql_add = " AND zones.domain_id = domains.id + AND zones.owner = ".$db->quote($_SESSION['userid']); + } + if ($letterstart!=all && $letterstart!=1) { + $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; + } elseif ($letterstart==1) { + $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; } - - $add = " AND (zones.owner=".$db->quote($_SESSION["userid"]); - if (count($zones) > 0) { - $add .= ' OR zones.domain_id IN ('.implode(',', $zones).') '; - } - $add .= ')'; - } - else - { - $add = ""; - } + $sqlq = "SELECT COUNT(distinct domains.id) AS count_zones + FROM domains,zones + WHERE 1=1 + ".$sql_add.";"; + + $zone_count = $db->queryOne($sqlq); + } + return $zone_count; +} - if ($letterstart!='all' && $letterstart!=1) { - $add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; - } elseif ($letterstart==1) { - $add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; - } +function zone_count_for_uid($uid) { + global $db; + $query = "SELECT COUNT(domain_id) + FROM zones + WHERE owner = " . $db->quote($uid) . " + ORDER BY domain_id"; + $zone_count = $db->queryOne($query); + return $zone_count; +} - if (level(5)) - { - $query = 'SELECT count(distinct domains.id) as zone_count FROM domains WHERE 1=1 '.$add; - } - else - { - $query = 'SELECT count(distinct zones.domain_id) as zone_count FROM zones, domains WHERE zones.domain_id = domains.id '.$add; - } - $numRows = $db->queryOne($query); - return $numRows; -} /* * Get a record from an id. 
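Review bot: `$sql_add` is assigned only inside the `$perm == "own"` branch of `get_zones` and `zone_count_ng`, so for `$perm == "all"` it is appended to or concatenated into the query while undefined; begin both functions with `$sql_add = '';`. The default `$letterstart=all` and the comparisons `$letterstart!=all` use a bare word where the removed code had the string `'all'`, which relies on undefined-constant fallback; restore the quotes. In `zone_count_ng` the `"all"` case runs `FROM domains,zones WHERE 1=1` with no join condition, so the count is 0 whenever `zones` is empty and the database builds a cross product otherwise; select from `domains` alone unless the owner filter is needed. `get_zones` now returns an undefined `$ret` when no row matches, where the removed code returned `-1`; add `$ret = array();` before the loop and state the return value in a docblock.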
@@ -1169,15 +788,15 @@ { $r = $result->fetchRow(); $ret = array( - "id" => $r["id"], - "domain_id" => $r["domain_id"], - "name" => $r["name"], - "type" => $r["type"], - "content" => $r["content"], - "ttl" => $r["ttl"], - "prio" => $r["prio"], - "change_date" => $r["change_date"] - ); + "id" => $r["id"], + "domain_id" => $r["domain_id"], + "name" => $r["name"], + "type" => $r["type"], + "content" => $r["content"], + "ttl" => $r["ttl"], + "prio" => $r["prio"], + "change_date" => $r["change_date"] + ); return $ret; } else 
@@ -1197,58 +816,53 @@ * Retrieve all fields of the records and send it back to the function caller. * return values: the array with information, or -1 is nothing is found. */ -function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999) -{ +function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999) { global $db; - if (is_numeric($id)) - { + if (is_numeric($id)) { if ($_SESSION[$id."_ispartial"] == 1) { - $db->setLimit($rowamount, $rowstart); - $result = $db->query("SELECT record_owners.record_id as id - FROM record_owners,domains,records - WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." - AND record_owners.record_id = records.id - AND records.domain_id = ".$db->quote($id)." - GROUP bY record_owners.record_id"); + $db->setLimit($rowamount, $rowstart); + $result = $db->query("SELECT record_owners.record_id as id + FROM record_owners,domains,records + WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"]) . " + AND record_owners.record_id = records.id + AND records.domain_id = " . $db->quote($id) . " + GROUP BY record_owners.record_id"); - $ret = array(); - if($result->numRows() == 0) - { - return -1; - } - else - { - $ret[] = array(); - $retcount = 0; - while($r = $result->fetchRow()) - { - // Call get_record_from_id for each row. - $ret[$retcount] = get_record_from_id($r["id"]); - $retcount++; - } - return $ret; - } + $ret = array(); + if($result->numRows() == 0) { + return -1; + } else { + $ret[] = array(); + $retcount = 0; + while($r = $result->fetchRow()) + { + // Call get_record_from_id for each row. 
+ $ret[$retcount] = get_record_from_id($r["id"]); + $retcount++; + } + return $ret; + } } else { - $db->setLimit($rowamount, $rowstart); - $result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id)); - $ret = array(); - if($result->numRows() == 0) - { - return -1; - } - else - { - $ret[] = array(); - $retcount = 0; - while($r = $result->fetchRow()) + $db->setLimit($rowamount, $rowstart); + $result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id)); + $ret = array(); + if($result->numRows() == 0) + { + return -1; + } + else { - // Call get_record_from_id for each row. - $ret[$retcount] = get_record_from_id($r["id"]); - $retcount++; + $ret[] = array(); + $retcount = 0; + while($r = $result->fetchRow()) + { + // Call get_record_from_id for each row. + $ret[$retcount] = get_record_from_id($r["id"]); + $retcount++; + } + return $ret; } - return $ret; - } } } 
@@ -1259,165 +873,164 @@ } -function get_users_from_domain_id($id) -{ +function get_users_from_domain_id($id) { global $db; - $result = $db->queryCol("SELECT owner FROM zones WHERE domain_id=".$db->quote($id)); - $ret = array(); - foreach($result as $uid) - { - $fullname = $db->queryOne("SELECT fullname FROM users WHERE id=".$db->quote($uid)); - $ret[] = array( - "id" => $uid, - "fullname" => $fullname - ); + $sqlq = "SELECT owner FROM zones WHERE domain_id =" .$db->quote($id); + $id_owners = $db->query($sqlq); + if ($id_owners->numRows() == 0) { + return -1; + } else { + while ($r = $id_owners->fetchRow()) { + $fullname = $db->queryOne("SELECT fullname FROM users WHERE id=".$r['owner']); + $owners[] = array( + "id" => $r['owner'], + "fullname" => $fullname + ); + } } - return $ret; + return $owners; } -function search_record($question) -{ + +function search_zone_and_record($holy_grail,$perm) { + global $db; - $question = trim($question); + + $holy_grail = trim($holy_grail); + + if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } + elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } + else { $perm_view = "none" ; } + + if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } + elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + else { $perm_content_edit = "none" ; } + + // Search for matching domains - if (is_valid_search($question)) - { - $sqlq = "SELECT * - FROM records - WHERE content LIKE ".$db->quote($question)." - OR name LIKE ".$db->quote($question)." 
- ORDER BY type DESC"; - $result = $db->query($sqlq); - $ret_r = array(); - while ($r = $result->fetchRow()) - { - if(xs($r['domain_id'])) - { - $ret_r[] = array( - 'id' => $r['id'], - 'domain_id' => $r['domain_id'], - 'name' => $r['name'], - 'type' => $r['type'], - 'content' => $r['content'], - 'ttl' => $r['ttl'], - 'prio' => $r['prio'], - 'change_date' => $r['change_date'] - ); - } - } + if ($perm == "own") { + $sql_add_from = ", zones "; + $sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($userid); + } + + $query = "SELECT + domains.id AS zid, + domains.name AS name, + domains.type AS type, + domains.master AS master + FROM domains" . $sql_add_from . " + WHERE domains.name LIKE " . $db->quote($holy_grail) + . $sql_add_where ; + + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } - $sqlq = "SELECT domains.id, domains.name, count(records.id) AS numrec, zones.owner, records.domain_id - FROM domains LEFT JOIN records ON domains.id = records.domain_id, zones - WHERE zones.domain_id = domains.id - AND domains.name LIKE ".$db->quote($question)." - GROUP BY domains.id, domains.name, zones.owner, records.domain_id"; - $result = $db->query($sqlq); - $ret_d = array(); - while ($r = $result->fetchRow()) - { - if(xs($r['id'])) - { - $ret_d[] = array( - 'id' => $r['id'], - 'name' => $r['name'], - 'numrec' => $r['numrec'], - 'owner' => $r['owner'] - ); - } - } - return array('domains' => $ret_d, 'records' => $ret_r); - } - else - { - error(sprintf(ERR_INV_ARGC, "search_record", "Invalid searchstring: $question")); + while ($r = $response->fetchRow()) { + $return_zones[] = array( + "zid" => $r['zid'], + "name" => $r['name'], + "type" => $r['type'], + "master" => $r['master']); } + // Search for matching records + + if ($perm == "own") { + $sql_add_from = ", zones "; + $sql_add_where = " AND zones.domain_id = record.id AND zones.owner = " . 
$db->quote($userid); + } + + $query = "SELECT + records.id AS rid, + records.name AS name, + records.type AS type, + records.content AS content, + records.ttl AS ttl, + records.prio AS prio, + records.domain_id AS zid + FROM records" . $sql_add_from . " + WHERE (records.name LIKE " . $db->quote($holy_grail) . " OR records.content LIKE " . $db->quote($holy_grail) . ")" + . $sql_add_where ; + + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + while ($r = $response->fetchRow()) { + $return_records[] = array( + "rid" => $r['rid'], + "name" => $r['name'], + "type" => $r['type'], + "content" => $r['content'], + "ttl" => $r['ttl'], + "zid" => $r['zid'], + "prio" => $r['prio']); + } + return array('zones' => $return_zones, 'records' => $return_records); } -function get_domain_type($id) -{ +function get_domain_type($id) { global $db; - if (is_numeric($id)) - { + if (is_numeric($id)) { $type = $db->queryOne("SELECT type FROM domains WHERE id = ".$db->quote($id)); - if($type == "") - { + if ($type == "") { $type = "NATIVE"; } return $type; - } - else - { + } else { error(sprintf(ERR_INV_ARG, "get_record_from_id", "no or no valid zoneid given")); } } -function get_domain_slave_master($id) -{ +function get_domain_slave_master($id){ global $db; - if (is_numeric($id)) - { + if (is_numeric($id)) { $slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = ".$db->quote($id)); return $slave_master; - } - else - { + } else { error(sprintf(ERR_INV_ARG, "get_domain_slave_master", "no or no valid zoneid given")); } } -function change_domain_type($type, $id) +function change_zone_type($type, $id) { global $db; $add = ''; if (is_numeric($id)) { - // It is not really neccesary to clear the master field if a - // zone is not of the type "slave" as powerdns will ignore that - // fiedl, but it is cleaner anyway. 
- if ($type != "SLAVE") - { + // It is not really neccesary to clear the field that contains the IP address + // of the master if the type changes from slave to something else. PowerDNS will + // ignore the field if the type isn't something else then slave. But then again, + // it's much clearer this way. + if ($type != "SLAVE") { $add = ", master=''"; } - $result = $db->query("UPDATE domains SET type = " .$db->quote($type). $add." WHERE id = ".$db->quote($id)); - } - else - { + $result = $db->query("UPDATE domains SET type = " . $db->quote($type) . $add . " WHERE id = ".$db->quote($id)); + } else { error(sprintf(ERR_INV_ARG, "change_domain_type", "no or no valid zoneid given")); } } -function change_domain_slave_master($id, $slave_master) -{ +function change_zone_slave_master($zone_id, $ip_slave_master) { global $db; - if (is_numeric($id)) - { - if (is_valid_ip($slave_master) || is_valid_ip6($slave_master)) - { - $result = $db->query("UPDATE domains SET master = " .$db->quote($slave_master). " WHERE id = ".$db->quote($id)); + if (is_numeric($zone_id)) { + if (is_valid_ip($ip_slave_master) || is_valid_ip6($ip_slave_master)) { + $result = $db->query("UPDATE domains SET master = " .$db->quote($ip_slave_master). " WHERE id = ".$db->quote($zone_id)); + } else { + error(sprintf(ERR_INV_ARGC, "change_domain_ip_slave_master", "This is not a valid IPv4 or IPv6 address: $ip_slave_master")); } - else - { - error(sprintf(ERR_INV_ARGC, "change_domain_slave_master", "This is not a valid IPv4 or IPv6 address: $slave_master")); - } - } - else - { + } else { error(sprintf(ERR_INV_ARG, "change_domain_type", "no or no valid zoneid given")); } } -function validate_account($account) -{ - - if(preg_match("/^[A-Z0-9._-]+$/i",$account)) - { +function validate_account($account) { + if(preg_match("/^[A-Z0-9._-]+$/i",$account)) { return true; - } - else - { + } else { return false; } } + + ?>
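Review bot: In `search_zone_and_record` the owner filter is built from `$userid`, which is neither a parameter nor a global in this function, and any `$perm` value other than `"own"` runs both queries with no owner restriction, so the search fails open; `$perm_view` and `$perm_content_edit` are computed from `verify_permission` but never used. The record filter joins on `zones.domain_id = record.id`, which names a table that is not in the FROM list and compares against the record id instead of `records.domain_id`. Separately, `get_users_from_domain_id` in this hunk concatenates `$r['owner']` into the users query where the removed code used `$db->quote($uid)`; keep the quoting with `"SELECT fullname FROM users WHERE id=".$db->quote($r['owner'])`. The sketch below narrows the scope to what the permission lookup allows, initialises the SQL fragments and result arrays, and corrects the join; it takes the user id from `$_SESSION['userid']` as `zone_count_ng` does, which should be confirmed against the intended caller contract.

```php
function search_zone_and_record($holy_grail,$perm) {
    // … unchanged: global $db, trim(), $perm_view / $perm_content_edit lookup …

    // Fail closed: unknown scopes and users without view permission get nothing.
    if ($perm_view == "none" || ($perm != "own" && $perm != "all")) {
        error(ERR_PERM_VIEW_ZONE);
        return false;
    }
    // The caller-supplied scope may narrow the search but never widen it.
    if ($perm_view == "own") {
        $perm = "own";
    }

    $sql_add_from = '';
    $sql_add_where = '';
    $return_zones = array();
    $return_records = array();

    if ($perm == "own") {
        $sql_add_from = ", zones ";
        $sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($_SESSION['userid']);
    }
    // … unchanged: zone query, error check and result loop …

    if ($perm == "own") {
        $sql_add_from = ", zones ";
        $sql_add_where = " AND zones.domain_id = records.domain_id AND zones.owner = " . $db->quote($_SESSION['userid']);
    }
    // … unchanged: record query, error check, result loop and return …
```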