# HG changeset patch # User rejo # Date 1206485131 0 # Node ID c255196bc4477d508cde40f44c986819a6a22e16 # Parent c72d6d51f3d31dd708254f46ec4438a14ec7ec96 [feladat @ 182] Merged r125:181 of branches/rewrite-user-management into trunk. This incorporates the [wiki:ProposalUserPermissionManagement a new user and permission management system] and closes ticket:22. Be aware, this database structure has changed, this version is incompatible with previous versions.
diff -r c72d6d51f3d3 -r c255196bc447 add_record.php
--- a/add_record.php Wed Mar 12 20:45:56 2008 +0000
+++ b/add_record.php Tue Mar 25 22:45:31 2008 +0000
@@ -20,63 +20,111 @@
 */
 require_once("inc/toolkit.inc.php");
+include_once("inc/header.inc.php");
-$xsid = (isset($_GET['id'])) ? $_GET['id'] : $_POST['zoneid'];
-if ((!level(5)) && ((!xs($xsid) || ($_SESSION[$xsid.'_ispartial'])))) {
- error(ERR_RECORD_ACCESS_DENIED);
+if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; }
+elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; }
+else { $perm_view = "none" ; }
+
+if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; }
+elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; }
+else { $perm_content_edit = "none" ; }
+
+if (verify_permission(zone_meta_edit_others)) { $perm_meta_edit = "all" ; }
+elseif (verify_permission(zone_meta_edit_own)) { $perm_meta_edit = "own" ; }
+else { $perm_meta_edit = "none" ; }
+
+$zone_id = "-1";
+if ((isset($_GET['id'])) && (v_num($_GET['id']))) {
+ $zone_id = $_GET['id'];
+}
+
+$ttl = $DEFAULT_TTL;
+if ((isset($_POST['ttl'])) && (v_num($_POST['ttl']))) {
+ $ttl = $_POST['ttl'];
 }
-if (isset($_POST["commit"]) && isset($_POST['zoneid']) && isset($_POST['name']) && isset($_POST['type']) && isset($_POST['content']) && isset($_POST['ttl']) && isset($_POST['prio']) ) {
- $ret = add_record($_POST["zoneid"], $_POST["name"], $_POST["type"], $_POST["content"], $_POST["ttl"], $_POST["prio"]);
- if ($ret != '1') {
- die("$ret");
- }
- clean_page("edit.php?id=".$_POST["zoneid"]);
+$prio = "10";
+if ((isset($_GET['prio'])) && (v_num($_GET['prio']))) {
+ $prio = $_GET['prio'];
+}
+
+$name = $_POST['name'];
+$type = $_POST['type'];
+$content = $_POST['content'];
+
+if ($zone_id == "-1") {
+ error(ERR_INV_INPUT);
+ include_once("inc/footer.inc.php");
+ exit;
+}
+
+$user_is_zone_owner = verify_user_is_owner_zoneid($zone_id);
+$zone_type = get_domain_type($zone_id);
+$zone_name = get_domain_name_from_id($zone_id);
+
+if ($_POST["commit"]) {
+ if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || 
$perm_content_edit == "own" && $user_is_zone_owner == "0" ) { + error(ERR_PERM_ADD_RECORD); + } else { + if ( add_record($zone_id, $name, $type, $content, $ttl, $prio)) { + success(_('The record was succesfully added.')); + unset($zone_id, $name, $type, $content, $ttl, $prio); + } + } } -include_once("inc/header.inc.php"); -?> - -

""

+echo "

" . _('Add record in zone') . " " . $zone_name . "

\n"; -
- "> - - - - - - - - - - - - - - - - - -
 
.IN - \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
" . _('Name') . " " . _('Type') . "" . _('Priority') . "" . _('Content') . "" . _('TTL') . "
." . $zone_name . "IN\n"; + echo " \n"; + echo " \n"; + echo "
\n"; + echo "
\n"; + echo " \n"; + echo " \n"; } + +include_once("inc/footer.inc.php"); + ?> - -
-
- - - - diff -r c72d6d51f3d3 -r c255196bc447 add_supermaster.php --- a/add_supermaster.php Wed Mar 12 20:45:56 2008 +0000 +++ b/add_supermaster.php Tue Mar 25 22:45:31 2008 +0000 @@ -20,82 +20,68 @@ */ require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); -if (!level(5)) -{ - error(ERR_LEVEL_5); -} +$master_ip = $_POST["master_ip"]; +$ns_name = $_POST["ns_name"]; +$account = $_POST["account"]; -if(isset($_POST["submit"])) +(verify_permission(supermaster_add)) ? $supermasters_add = "1" : $supermasters_add = "0"; + +if($_POST["submit"]) { - $master_ip = (isset($_POST['master_ip']) ? $_POST["master_ip"] : ''); - $ns_name = (isset($_POST['ns_name']) ? $_POST["ns_name"] : ''); - $account = (isset($_POST["account"]) ? $_POST['account'] : ''); - if (!isset($error)) - { - if (!is_valid_ip($master_ip) && !is_valid_ip6($master_ip)) - { - $error = _('Given master IP address is not valid IPv4 or IPv6.'); - } - elseif (!is_valid_hostname($ns_name)) - { - $error = _('Given hostname for NS record not valid.'); - } - elseif (!validate_account($account)) - { - $error = _('Account name is not valid (may contain only alpha chars).'); - } - else - { - if(add_supermaster($master_ip, $ns_name, $account)) - { - $success = _('Successfully added supermaster.'); - } - } + if (add_supermaster($master_ip, $ns_name, $account)) { + echo "
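Review bot: `$prio` is read from `$_GET['prio']` while `$ttl`, `$name`, `$type` and `$content` all come from `$_POST`, so on a posted form the submitted priority is ignored and every record is stored with the default `10`; unless the form really sends prio as a query parameter this should be `if ((isset($_POST['prio'])) && (v_num($_POST['prio']))) { $prio = $_POST['prio']; }`. `$_POST["commit"]`, `$_POST['name']`, `$_POST['type']` and `$_POST['content']` are read without `isset()`, which raises notices on the plain GET view of the page; wrap them the same way `$_POST['ttl']` is wrapped. `$perm_view` is computed at the top but not consulted anywhere in the visible part of the hunk, so a user without any zone view permission still gets the zone name rendered in the heading; either gate the page on it or drop the three lines.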
" . _('Successfully added supermaster.') . "
\n"; + } else { + $error = "1"; } } -include_once("inc/header.inc.php"); - - if ((isset($error)) && ($error != "")) - { - ?>
:
-

-
- - - - - - - - - - - - - - - - - -
: - "> -
: - "> -
: - "> -
  - -
-
-" . _('Add supermaster') . "\n"; + +if ( $supermasters_add != "1" ) { + echo "

" . _("You do not have the permission to add a new supermaster.") . "

\n"; +} else { + echo "
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
" . _('IP address of supermaster') . "\n"; + if ($error) { + echo " \n"; + } else { + echo " \n"; + } + echo "
" . _('Hostname in NS record') . "\n"; + if ($error) { + echo " \n"; + } else { + echo " \n"; + } + echo "
" . _('Account') . "\n"; + if ($error) { + echo " \n"; + } else { + echo " \n"; + } + echo "
 \n"; + echo " \n"; + echo "
\n"; + echo "
\n"; +} include_once("inc/footer.inc.php"); ?> diff -r c72d6d51f3d3 -r c255196bc447 add_user.php --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/add_user.php Tue Mar 25 22:45:31 2008 +0000 @@ -0,0 +1,79 @@ + for more details. + * + * Copyright 2007, 2008 Rejo Zenger + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); + +if (!verify_permission(user_add_new)) { + error(ERR_PERM_ADD_USER); +} else { + if($_POST["commit"]) { + add_new_user($_POST); + success(SUC_USER_ADD); + } + + echo "

" . _('Add a user') . "

\n"; + echo "
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
" . _('Username') . "
" . _('Fullname') . "
" . _('Password') . "
" . _('Email') . "
" . _('Permission template') . "\n"; + echo " \n"; + echo "
" . _('Description') . "
" . _('Enabled') . "
 
\n"; + echo "
\n"; +} + +include_once("inc/footer.inc.php"); + +?> diff -r c72d6d51f3d3 -r c255196bc447 add_zone_master.php --- a/add_zone_master.php Wed Mar 12 20:45:56 2008 +0000 +++ b/add_zone_master.php Tue Mar 25 22:45:31 2008 +0000 
@@ -20,126 +20,119 @@ */ require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); -if (!level(5)) -{ - error(ERR_LEVEL_5); +$owner = "-1"; +if ((isset($_POST['owner'])) && (v_num($_POST['owner']))) { + $owner = $_POST['owner']; +} +$dom_type = "NATIVE"; +if (isset($_POST["dom_type"]) && (in_array($_POST['dom_type'], $server_types))) { + $dom_type = $_POST["dom_type"]; } -if (isset($_POST["submit"])) -{ - $domain = (isset($_POST['domain']) ? trim($_POST["domain"]) : ''); - $owner = (isset($_POST['owner']) ? $_POST["owner"] : 0 ); - $webip = (isset($_POST["webip"]) ? $_POST['webip'] : ''); - $mailip = (isset($_POST["mailip"]) ? $_POST['mailip'] : ''); - $empty = (isset($_POST["empty"]) ? $_POST['empty'] : 0); - $dom_type = (isset($_POST["dom_type"]) ? $_POST["dom_type"] : "NATIVE"); - if(!$empty) - { +$domain = trim($_POST["domain"]); +$webip = $_POST["webip"]; +$mailip = $_POST["mailip"]; +$empty = $_POST["empty"]; + +(verify_permission(zone_master_add)) ? $zone_master_add = "1" : $zone_master_add = "0" ; + +if ($_POST['submit'] && $zone_master_add == "1" ) { + + // Boy. I will be happy when I have found the time to replace + // this "template wanabee" code with something that is really + // worth to be called "templating". Whoever wrote this should + // be... should be... how can I say this politicaly correct? 
+ // 20080303/RZ + + if(!$empty) { $empty = 0; - if(!eregi('in-addr.arpa', $domain) && (!is_valid_ip($webip) || !is_valid_ip($mailip)) ) - { - $error = "Web or Mail ip is invalid!"; + if(!eregi('in-addr.arpa', $domain) && (!is_valid_ip($webip) || !is_valid_ip($mailip)) ) { + error(_('Web or mail ip is invalid!')); + $error = "1"; } } - if (!isset($error)) - { - if (!is_valid_domain($domain)) - { - $error = "Zone name is invalid!"; - } - elseif (domain_exists($domain)) - { - $error = "Zone already exists!"; - } - //elseif (isset($mailip) && is_valid_ip( - else - { - add_domain($domain, $owner, $webip, $mailip, $empty, $dom_type, ''); - $success = _('Successfully added master zone.'); + + if (!$error) { + if (!is_valid_domain($domain)) { + error(_('Zone name is invalid!')); + $error = "1"; + } elseif (domain_exists($domain)) { + error(_('Zone already exists!!')); + $error = "1"; + } else { + if (add_domain($domain, $owner, $webip, $mailip, $empty, $dom_type, '')) { + success(SUC_ZONE_ADD); + unset($domain, $owner, $webip, $mailip, $empty, $dom_type); + } else { + $error = "1"; + } } } } -include_once("inc/header.inc.php"); +echo "

" . _('Add master zone') . "

\n"; - if ((isset($error)) && ($error != "")) - { - ?>
:
-

Add master zone

- " . _("You do not have the permission to add a new master zone.") . "

\n"; +} else { + $available_zone_types = array("MASTER", "NATIVE"); + $users = show_users(); - // Zone type set to master and native only, slave zones are created - // on a different page. - $zone_types = array("MASTER", "NATIVE"); - $users = show_users(); - ?> -
- - - - - - - - - - - - - - - - \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
: - "> -
: - "> -
: - "> -
: - \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " - - - - \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " - - - - - - - - - -
" . _('Zone name') . ":\n"; + echo " \n"; + echo "
" . _('Web IP') . ":\n"; + echo " \n"; + echo "
" . _('Mail IP') . ":\n"; + echo " \n"; + echo "
" . _('Owner') . ":\n"; + echo " -
: -
" . _('Zone type') . ":\n"; + echo " -
:
  - -
- -\n"; + echo "
" . _('Create zone without applying records-template') . "
 \n"; + echo " \n"; + echo "
\n"; + echo " \n"; +} include_once("inc/footer.inc.php"); diff -r c72d6d51f3d3 -r c255196bc447 add_zone_slave.php --- a/add_zone_slave.php Wed Mar 12 20:45:56 2008 +0000 +++ b/add_zone_slave.php Tue Mar 25 22:45:31 2008 +0000 @@ -20,93 +20,73 @@ */ require_once("inc/toolkit.inc.php"); - -if (!level(5)) -{ - error(ERR_LEVEL_5); - -} - -if (isset($_POST["submit"])) -{ - $domain = trim($_POST["domain"]); - $owner = $_POST["owner"]; - $slave_master = $_POST["slave_master"]; - $dom_type = "SLAVE"; - if (!isset($error)) - { - if (!is_valid_domain($domain)) - { - $error = "Zone name is invalid!"; - } - elseif (domain_exists($domain)) - { - $error = "Zone already exists!"; - } - elseif (!is_valid_ip($slave_master)) - { - $error = "IP of master NS for slave zone is not valid!"; - } - else - { - if(add_domain($domain, $owner, '', '', 1, $dom_type, $slave_master)) - { - $success = _('Successfully added slave zone.'); - } - } - } -} - include_once("inc/header.inc.php"); - if ((isset($error)) && ($error != "")) - { - ?>
:
" . _('Add slave zone') . "\n"; + +if ( $zone_slave_add != "1" ) { + echo "

" . _("You do not have the permission to add a new slave zone.") . "

\n"; +} else { $users = show_users(); - - ?> -

-
- - - - - - - - - - - - - - - - - -
: - "> -
: - "> -
: - -
  - -
-
-\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
" . _('Zone name') . "\n"; + echo " \n"; + echo "
" . _('IP of master NS') . ":\n"; + echo " \n"; + echo "
" . _('Owner') . ":\n"; + echo " \n"; + echo "
 \n"; + echo " \n"; + echo "
\n"; + echo " \n"; +} + include_once("inc/footer.inc.php"); ?> diff -r c72d6d51f3d3 -r c255196bc447 change_password.php --- a/change_password.php Wed Mar 12 20:45:56 2008 +0000 +++ b/change_password.php Tue Mar 25 22:45:31 2008 +0000 @@ -20,45 +20,35 @@ */ require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); -if(isset($_POST["submit"])) -{ - if((!isset($_POST['newpass'])) || (strlen($_POST["newpass"]) < 8)) - { - error('Password length should be at least 8 characters.'); - } - else - { - change_user_pass($_POST["currentpass"], $_POST["newpass"], $_POST["newpass2"]); - } +if($_POST["submit"]) { + change_user_pass($_POST); } -include_once("inc/header.inc.php"); -?> -

-
- - - - - - - - - - - - - - - - - -
:
:
:
  - -
-
+echo "

" . _('Change password') . "

\n"; +echo "
\n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo "
" . _('Current password') . ":
" . _('New password') . ":
" . _('New password') . ":
 \n"; +echo " \n"; +echo "
\n"; +echo "
\n"; - diff -r c72d6d51f3d3 -r c255196bc447 delete_domain.php --- a/delete_domain.php Wed Mar 12 20:45:56 2008 +0000 +++ b/delete_domain.php Tue Mar 25 22:45:31 2008 +0000 @@ -20,50 +20,59 @@ */ require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); -if (!level(5)) -{ - error(ERR_LEVEL_5); - +if (verify_permission(zone_content_edit_others)) { $perm_edit = "all" ; } +elseif (verify_permission(zone_content_edit_own)) { $perm_edit = "own" ;} +else { $perm_edit = "none" ; } + +$zone_id = "-1"; +if (isset($_GET['id']) && v_num($_GET['id'])) { + $zone_id = $_GET['id']; +} + +$confirm = "-1"; +if (isset($_GET['confirm']) && v_num($_GET['confirm'])) { + $confirm = $_GET['confirm']; +} + +$zone_info = get_zone_info_from_id($zone_id); +$zone_owners = get_fullnames_owners_from_domainid($zone_id); +$user_is_zone_owner = verify_user_is_owner_zoneid($zone_id); + +if ($zone_id == "-1"){ + error(ERR_INV_INPUT); + include_once("inc/footer.inc.php"); + exit; } -if (isset($_GET["id"])) { - if ((isset($_GET["confirm"])) && ($_GET['confirm'] == '0')) { - clean_page("index.php"); - } elseif ((isset($_GET["confirm"])) && ($_GET['confirm'] == '1')) { - delete_domain($_GET["id"]); - clean_page("index.php"); - } - include_once("inc/header.inc.php"); - $info = get_domain_info_from_id($_GET["id"]); - ?>

""

- "); +echo "

" . _('Delete zone') . " \"" . $zone_info['name']. "\"

\n"; + +if ($confirm == '1') { + if ( delete_domain($zone_id) ) { + success(SUC_ZONE_DEL); } - print (_('Type') . ": " . strtolower($info["type"]) . "
"); - print (_('Number of records in zone') . ": " . $info["numrec"] . "
"); - if($info["type"] == "SLAVE") - { - $slave_master = get_domain_slave_master($_GET["id"]); - if(supermaster_exists($slave_master)) - { - print (""); - printf(_('You are about to delete a slave zone of which the master nameserver, %s, is a supermaster. Deleting the zone now, will result in temporary removal only. Whenever the supermaster sends a notification for this zone, it will be added again!'), $slave_master); - print ("
"); +} else { + if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) { + echo " " . _('Owner') . ": " . $zone_owners . "
\n"; + echo " " . _('Type') . ": " . $zone_info['type'] . "\n"; + if ( $zone_info['type'] == "SLAVE" ) { + $slave_master = get_domain_slave_master($zone_id); + if(supermaster_exists($slave_master)) { + echo "

\n"; + printf (_('You are about to delete a slave zone of which the master nameserver, %s, is a supermaster. Deleting the zone now, will result in temporary removal only. Whenever the supermaster sends a notification for this zone, it will be added again!'), $slave_master); + echo "

\n"; + } } + echo "

" . _('Are you sure?') . "

\n"; + echo "

\n"; + echo " \n"; + echo " \n"; + } else { + error(ERR_PERM_DEL_ZONE); } - ?> - -

- &confirm=1'" value=""> - &confirm=0'" value=""> - diff -r c72d6d51f3d3 -r c255196bc447 delete_record.php --- a/delete_record.php Wed Mar 12 20:45:56 2008 +0000 +++ b/delete_record.php Tue Mar 25 22:45:31 2008 +0000 @@ -20,42 +20,66 @@ */ require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); -if ($_GET["id"]) { - // check if we have access to the given id - $zoneId = recid_to_domid($_GET['id']); - if ((!level(5)) && (!xs($zoneId))) { - error(ERR_RECORD_ACCESS_DENIED); - } - if ((!level(5)) && ($_SESSION[$zoneId.'_ispartial'] == 1)) { - $db->setLimit(1); - $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id=".$db->quote($_GET["id"])." AND user_id=".$db->quote($_SESSION["userid"])); - if (empty($checkPartial)) { - error(ERR_RECORD_ACCESS_DENIED); +$record_id = "-1"; +if (isset($_GET['id']) && v_num($_GET['id'])) { + $record_id = $_GET['id']; +} + + +$confirm = "-1"; +if ((isset($_GET['confirm']) && v_num($_GET['confirm']) + $confirm = $_GET['confirm']; +} + +if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } +elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } +else { $perm_content_edit = "none" ; } + +$user_is_zone_owner = verify_user_is_owner_zoneid($_GET["domain"]); + +if ($record_id == "-1" ) { + if ($confirm == '1') { + if ( delete_record($record_id) ) { + success(SUC_RECORD_DEL); } - } - if ($_GET["confirm"] == '0') { - clean_page("edit.php?id=".$_GET["domain"]); - } elseif ($_GET["confirm"] == '1') { - delete_record($_GET["id"]); - clean_page("edit.php?id=".$_GET["domain"]); - } - include_once("inc/header.inc.php"); - ?> + } else { + $zone_id = recid_to_domid($record_id); + $zone_name = get_domain_name_from_id($zone_id); + $user_is_zone_owner = verify_user_is_owner_zoneid($zone_id); + $record_info = get_record_from_id($record_id); -
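Review bot: The destructive path is unauthorised: when `$confirm == '1'`, `delete_domain($zone_id)` runs immediately, while the `$perm_edit`/`$user_is_zone_owner` test only guards the confirmation page in the `else` branch, so the permission computed at the top is never applied to the actual deletion (unless delete_domain() checks it internally, which is not visible here). Hoist the check above the branch so both paths share it: `if (!($perm_edit == "all" || ($perm_edit == "own" && $user_is_zone_owner == "1"))) { error(ERR_PERM_DEL_ZONE); include_once("inc/footer.inc.php"); exit; }`. delete_record.php and delete_user.php in this commit have the same shape. The deletion is also triggered by a GET parameter; a POSTed confirmation form would be the natural place to add a request token later.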

""

" . _('You are trying to delete a record that is needed for this zone to work.') . "
"; + echo "

" . _('Delete record') . " in zone \"" . $zone_name . "\"

\n"; + + if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) { + error(ERR_PERM_EDIT_RECORD); + } else { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
NameTypeContentPriorityTTL
" . $record_info['name'] . "" . $record_info['type'] . "" . $record_info['content'] . "" . $record_info['priority'] . "" . $record_info['ttl'] . "
\n"; + if (($record_info['type'] == 'NS' && $record_info['name'] == $zone_name) || $record_info['type'] == 'SOA') { + echo "

" . _('You are trying to delete a record that is needed for this zone to work.') . "

\n"; + } + echo "

" . _('Are you sure?') . "

\n"; + echo " \n"; + echo " \n"; + } } - ?>


- &confirm=1'" value=""> - &confirm=0'" value=""> - -
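Review bot: `if ((isset($_GET['confirm']) && v_num($_GET['confirm'])` is missing its closing parenthesis and opening brace and will not parse; delete_domain.php in this commit has the working form, `if (isset($_GET['confirm']) && v_num($_GET['confirm'])) {`. Two lines later `if ($record_id == "-1" ) {` is inverted — the delete and confirmation code only runs when the id is invalid — and must be `if ($record_id != "-1") {`. `$zone_type` is compared with `"SLAVE"` but never assigned on this page (add_record.php sets it with `$zone_type = get_domain_type($zone_id);`), and `verify_user_is_owner_zoneid($_GET["domain"])` uses an unvalidated parameter that the later `recid_to_domid($record_id)` lookup makes redundant. As in delete_domain.php, `delete_record($record_id)` on `$confirm == '1'` runs before the `$perm_content_edit`/ownership check, which only guards the confirmation view; the check needs to sit above both branches.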

""

- :
- :

-

- &confirm=1'" value=""> - &confirm=0'" value=""> - " . _('Delete supermaster') . " \"" . $master_ip . "\"\n"; + + if ($_GET["confirm"] == '1') { + if (delete_supermaster($master_ip)) { + success(SUC_ZONE_DEL); + } + } else { + echo "

\n"; + echo " " . _('Hostname in NS record') . ": " . $info['ns_name'] . "
\n"; + echo " " . _('Account') . ": " . $info['account'] . "\n"; + echo "

\n"; + echo "

" . _('Are you sure?') . "

\n"; + echo " \n"; + echo " \n"; + } + } } + include_once("inc/footer.inc.php"); diff -r c72d6d51f3d3 -r c255196bc447 delete_user.php --- a/delete_user.php Wed Mar 12 20:45:56 2008 +0000 +++ b/delete_user.php Tue Mar 25 22:45:31 2008 +0000 @@ -20,103 +20,87 @@ */ require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); -$id = ($_POST["id"]) ? $_POST["id"] : $_GET["id"]; +verify_permission(user_edit_own) ? $perm_edit_own = "1" : $perm_edit_own = "0" ; +verify_permission(user_edit_others) ? $perm_edit_others = "1" : $perm_edit_others = "0" ; + +if (!(isset($_GET['id']) && v_num($_GET['id']))) { + error(ERR_INV_INPUT); + include_once("inc/footer.inc.php"); + exit; +} else { + $uid = $_GET['id']; +} + +if ($_POST['commit']) { + if (delete_user($uid,$_POST['zone'])) { + success(SUC_USER_DEL); + } +} else { + + if (($uid != $_SESSION['userid'] && !verify_permission(user_edit_others)) || ($uid == $_SESSION['userid'] && !verify_permission(user_edit_own))) { + error(ERR_PERM_DEL_USER); + include_once("inc/footer.inc.php"); + exit; + } else { + $fullname = get_fullname_from_userid($uid); + $zones = get_zones("own",$uid); + + echo "

" . _('Delete user') . " \"" . $fullname . "\"

\n"; + echo "
\n"; + echo " \n"; + + if (count($zones) > 0) { -if(isset($id)) -{ - if($_POST["confirm"] == '1') - { - $domain = is_array($_POST["domain"]) ? $_POST["domain"] : $domain = array(); - $delete = is_array($_POST["delete"]) ? $_POST["delete"] : $delete = array(); - - if(count($domain) > 0) - { - foreach ($domain as $dom => $newowner) - { - if (!in_array($dom, $delete)) - { - add_owner($dom, $newowner); - } - } - } - if(count($delete) > 0) - { - foreach ($delete as $del) - { - delete_domain($del); + $users = show_users(); + + echo " \n"; + echo " \n"; + echo " \n"; + + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + + foreach ($zones as $zone) { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } } - - delete_user($id); - clean_page("users.php"); - } - include_once("inc/header.inc.php"); - ?> - -

""

- - 0) - { - echo _('This user has access to the following zone(s)'); ?> :
-
\n"; + + echo " " . _('You are about to delete a user. This user is owner for a number of zones. Please decide what to do with these zones.') . "\n"; + echo "
" . _('Zone') . "" . _('Delete') . "" . _('Leave') . "" . _('Add new owner') . "" . _('Owner to be added') . "
" . $zone['name'] . "\n"; + echo " \n"; + echo "
- - - - - - - - - -
DeleteNameNew owner
"> name="delete[]" value="">
queryOne("SELECT count(id) FROM zones WHERE owner=".$db->quote($id))) != 0) - { - $message .= " " . _('This user has access to ') . $numrows . _(' zones, by deleting him you will also delete these zones.'); - } + echo " \n"; + echo " \n"; + + echo " " . _('Really delete this user?') . "\n"; + echo " \n"; + echo " \n"; - ?> -
- - -
- \n"; + echo " \n"; + echo " \n"; + } } - +include_once("inc/footer.inc.php"); +?> diff -r c72d6d51f3d3 -r c255196bc447 docs/CHANGELOG --- a/docs/CHANGELOG Wed Mar 12 20:45:56 2008 +0000 +++ b/docs/CHANGELOG Tue Mar 25 22:45:31 2008 +0000 @@ -1,5 +1,4 @@ CHANGELOG +Please see . -Please see . - diff -r c72d6d51f3d3 -r c255196bc447 docs/poweradmin-mysql-db-structure.sql --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/docs/poweradmin-mysql-db-structure.sql Tue Mar 25 22:45:31 2008 +0000 
@@ -0,0 +1,62 @@
+DROP TABLE IF EXISTS `users`;
+CREATE TABLE `users` (
+ `id` int(11) NOT NULL auto_increment,
+ `username` varchar(16) NOT NULL default '',
+ `password` varchar(34) NOT NULL default '',
+ `fullname` varchar(255) NOT NULL default '',
+ `email` varchar(255) NOT NULL default '',
+ `description` text NOT NULL,
+ `perm_templ` tinyint(11) NOT NULL default '0',
+ `active` tinyint(1) NOT NULL default '0',
+ PRIMARY KEY (`id`)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+LOCK TABLES `users` WRITE;
+INSERT INTO `users` VALUES (1,'admin','21232f297a57a5a743894a0e4a801fc3','Administrator','admin@example.net','Administrator with full rights.',1,1);
+UNLOCK TABLES;
+
+DROP TABLE IF EXISTS `perm_items`;
+CREATE TABLE `perm_items` (
+ `id` int(11) NOT NULL auto_increment,
+ `name` varchar(64) NOT NULL,
+ `descr` text NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=62 DEFAULT CHARSET=latin1;
+
+LOCK TABLES `perm_items` WRITE;
+INSERT INTO `perm_items` VALUES (41,'zone_master_add','User is allowed to add new master zones.'),(42,'zone_slave_add','User is allowed to add new slave zones.'),(43,'zone_content_view_own','User is allowed to see the content and meta data of zones he owns.'),(44,'zone_content_edit_own','User is allowed to edit the content of zones he owns.'),(45,'zone_meta_edit_own','User is allowed to edit the meta data of zones he owns.'),(46,'zone_content_view_others','User is allowed to see the content and meta data of zones he does not own.'),(47,'zone_content_edit_others','User is allowed to edit the content of zones he does not own.'),(48,'zone_meta_edit_others','User is allowed to edit the meta data of zones he does not own.'),(49,'search','User is allowed to perform searches.'),(50,'supermaster_view','User is allowed to add view supermasters.'),(51,'supermaster_add','User is allowed to add new supermasters.'),(52,'supermaster_edit','User is allowed to edit new supermasters.'),(53,'user_is_ueberuser','User has full access. God-like. Redeemer.'),(54,'user_view_others','User is allowed to see other users and their details.'),(55,'user_add_new','User is allowed to add new users.'),(56,'user_edit_own','User is allowed to edit their own details.'),(57,'user_edit_others','User is allowed to edit other users.'),(58,'user_passwd_edit_others','User is allowed to edit the password of other users.'),(59,'user_edit_templ_perm','User is allowed to change the permission template that is assigned to a user.'),(60,'templ_perm_add','User is allowed to add new permission templates.'),(61,'templ_perm_edit','User is allowed to edit existing permission templates.');
+UNLOCK TABLES;
+
+DROP TABLE IF EXISTS `perm_templ`;
+CREATE TABLE `perm_templ` (
+ `id` int(11) NOT NULL auto_increment,
+ `name` varchar(128) NOT NULL,
+ `descr` text NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;
+
+LOCK TABLES `perm_templ` WRITE;
+INSERT INTO `perm_templ` VALUES (1,'Administrator','Administrator template with full rights.');
+UNLOCK TABLES;
+
+DROP TABLE IF EXISTS `perm_templ_items`;
+CREATE TABLE `perm_templ_items` (
+ `id` int(11) NOT NULL auto_increment,
+ `templ_id` int(11) NOT NULL,
+ `perm_id` int(11) NOT NULL,
+ PRIMARY KEY (`id`)
+) ENGINE=MyISAM AUTO_INCREMENT=269 DEFAULT CHARSET=latin1;
+
+LOCK TABLES `perm_templ_items` WRITE;
+INSERT INTO `perm_templ_items` VALUES (58,2,43),(268,1,43),(267,1,46),(266,1,54),(265,1,56),(264,1,58),(263,1,45),(262,1,48),(261,1,44),(260,1,47),(259,1,57),(258,1,52),(257,1,61),(57,2,51),(56,2,42),(55,2,60),(54,2,41),(256,1,59),(255,1,50),(156,3,56),(155,3,58),(254,1,55),(253,1,51),(252,1,42),(251,1,60),(250,1,41),(249,1,53);
+UNLOCK TABLES;
+
+DROP TABLE IF EXISTS `zones`;
+CREATE TABLE `zones` (
+ `id` int(11) NOT NULL auto_increment,
+ `domain_id` int(11) NOT NULL default '0',
+ `owner` int(11) NOT NULL default '0',
+ `comment` text,
+ PRIMARY KEY (`id`),
+ KEY `owner` (`owner`)
+) ENGINE=MyISAM AUTO_INCREMENT=22001 DEFAULT CHARSET=latin1;
diff -r 
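Review bot: The `perm_templ_items` seed references `templ_id` 2 and 3 (`(58,2,43)`, `(57,2,51)`, `(56,2,42)`, `(55,2,60)`, `(54,2,41)`, `(156,3,56)`, `(155,3,58)`) while `perm_templ` only seeds template 1, so a fresh install carries dangling template rows; either add the `perm_templ` rows they belong to or drop those tuples from the insert. The seeded `admin` row ships with a fixed 32-hex `password` value shared by every installation, which together with `varchar(34)` looks like an unsalted MD5 digest, so the install documentation should require changing it immediately and the file should say so, e.g. `-- the seeded admin password is a placeholder: change it on first login`. Two `perm_items` descriptions read as garbled, `'User is allowed to add view supermasters.'` and `'User is allowed to edit new supermasters.'`, presumably "view supermasters" and "edit supermasters". `users` is InnoDB while every other table is MyISAM, which looks unintentional for a schema that is shipped as one file.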
c72d6d51f3d3 -r c255196bc447 edit.php
--- a/edit.php Wed Mar 12 20:45:56 2008 +0000
+++ b/edit.php Tue Mar 25 22:45:31 2008 +0000
@@ -20,346 +20,234 @@ */ require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); -// Assigning records to user: Check for records owned by user -$recordOwnerError = ''; -if (isset($_POST["action"]) && $_POST["action"]=="record-user") { - if (!is_array($_POST['rowid'])) { - $recordOwnerError = 'No records where selected to assign an sub-owner.'; - } else { - foreach ($_POST["rowid"] as $x_user => $recordid){ - $x_userid = $db->queryOne("SELECT id FROM record_owners WHERE user_id = ".$db->quote($_POST["userid"])." AND record_id=".$db->quote($recordid)); - if (empty($x_userid)) { - add_record_owner($_GET["id"],$_POST["userid"],$recordid); - } - } +$zone_id = "-1"; +if (isset($_GET['id']) && v_num($_GET['id'])) { + $zone_id = $_GET['id']; +} + +if ($zone_id == "-1") { + error(ERR_INV_INPUT); + include_once("inc/footer.inc.php"); + exit; +} + +if (isset($_POST['commit'])) { + foreach ($_POST['record'] as $record) { + edit_record($record); } } -if(isset($_POST['change_slave_master']) && is_numeric($_POST["domain"]) && level(5)) -{ - change_domain_slave_master($_POST['domain'], $_POST['slave_master']); -} -if(isset($_POST['type_change']) && in_array($_POST['newtype'], $server_types)) -{ - change_domain_type($_POST['newtype'], $_GET['id']); -} -if(isset($_POST["newowner"]) && is_numeric($_POST["domain"]) && is_numeric($_POST["newowner"])) -{ - add_owner($_POST["domain"], $_POST["newowner"]); + +if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } +elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } +else { $perm_view = "none" ; } + +if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } +elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } +else { $perm_content_edit = "none" ; } + +if (verify_permission(zone_meta_edit_others)) { $perm_meta_edit = "all" ; } +elseif (verify_permission(zone_meta_edit_own)) { $perm_meta_edit = "own" ; } +else { $perm_meta_edit 
= "none" ; } + +$user_is_zone_owner = verify_user_is_owner_zoneid($zone_id); +if ( $perm_meta_edit == "all" || ( $perm_meta_edit == "own" && $user_is_zone_owner == "1") ) { + $meta_edit = "1"; } -if(isset($_POST["del_user"]) && is_numeric($_POST["del_user"]) && level(5)) -{ - delete_owner($_GET["id"], $_POST["del_user"]); + +if(isset($_POST['slave_master_change']) && is_numeric($_POST["domain"]) ) { + change_zone_slave_master($_POST['domain'], $_POST['new_master']); } -$info = get_domain_info_from_id($_GET["id"]); -include_once("inc/header.inc.php"); - -$domain_type=get_domain_type($_GET['id']); -if ($domain_type == "SLAVE" ) { $slave_master=get_domain_slave_master($_GET['id']); }; - -if (strlen($recordOwnerError)) { -?> -
:
- -
:
- -
:
- -

""

- -
-
- - - - - - - - - - - -" . _('Edit zone') . " \"" . get_domain_name_from_id($zone_id) . "\"\n"; + +if ( $perm_view == "none" || $perm_view == "own" && $user_is_zone_owner == "0" ) { + error(ERR_PERM_VIEW_ZONE); +} else { + echo "
\n"; + show_pages($record_count,ROWAMOUNT,$zone_id); + echo "
\n"; + + $records = get_records_from_domain_id($zone_id,ROWSTART,ROWAMOUNT); + if ( $records == "-1" ) { + echo "

" . _("This zone does not have any records. Weird.") . "

\n"; + } else { + echo " \n"; + echo "
- - - "> - -
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + foreach ($records as $r) { + echo " \n"; + echo " \n"; + echo " \n"; + if ( $domain_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) { + echo " \n"; + } else { + echo " \n"; + } + echo " \n"; + echo " \n"; + echo " \n"; + if ($r['type'] == "MX") { + echo " \n"; + } else { + echo " \n"; + } + echo " \n"; + echo " \n"; + } + echo "
 " . _('Name') . "" . _('Type') . "" . _('Content') . "" . _('Priority') . "" . _('TTL') . "
 \n"; + echo " + \"[\n"; + echo " + \"[\n"; + echo " \n"; + echo " \n"; + echo "  
\n"; + echo " \n"; + echo " "; + } + + if ( $perm_content_edit == "all" || $perm_content_edit == "own" && $user_is_zone_owner == "1" ) { + if ( $domain_type != "SLAVE") { + echo "   \n"; + } + echo " \n"; + } + + echo "
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + + $owners = get_users_from_domain_id($zone_id); + + if ($owners == "-1") { + echo " "; + } else { + if ($meta_edit) { + foreach ($owners as $owner) { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } + } else { + foreach ($owners as $owner) { + echo " "; + } + } + + } + if ($meta_edit) { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } + echo " \n"; + echo " \n"; + echo " \n"; + + if ($meta_edit) { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } else { + echo " \n"; + } + + if ($domain_type == "SLAVE" ) { + $slave_master=get_domain_slave_master($zone_id); + echo " \n"; + echo " \n"; + echo " \n"; + + if ($meta_edit) { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } else { + echo " \n"; } } - else - { -?> - - - - - - - - - - -
" . _('Owner of zone') . "
" . _('No owner set or this zone!') . "
" . $owner["fullname"] . "\n"; + echo " \n"; + echo " \n"; + echo "
" . $owner["fullname"] . " 
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
" . _('Type of zone') . "
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
" . strtolower($domain_type) . " 
" . _('IP address of master NS') . "
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
" . $slave_master . " 
- "> - - - -
-
-
- - - - - - "> - - - - - - - - - - - - "> - - - - - - -
- - - -
- -
- - - -
-
-
-
-
- - - - - - - - - -
-
-
\n"; + echo "
\n"; // eo div meta } -?> -
- - '" value="">   - - '" value=""> - -
-
- -
-
?id=" method="post"> - - - - - -" . _('Sub-owners') . ""; - } -?> - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
- - ">[ <?php echo _('Edit record'); ?> ] - ">[ <?php echo _('Delete record'); ?> ] - - - - -query("SELECT r.user_id,u.username,u.fullname FROM record_owners as r, users as u WHERE r.record_id=".$db->quote($r['id'])." AND u.id=r.user_id"); - echo ""; -?> -
-
-
- - arrow - - -
- diff -r c72d6d51f3d3 -r c255196bc447 edit_perm_templ.php --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/edit_perm_templ.php Tue Mar 25 22:45:31 2008 +0000 @@ -0,0 +1,92 @@ + for more details. + * + * Copyright 2007, 2008 Rejo Zenger + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); + +$id = "-1"; +if ((isset($_GET['id'])) || (v_num($_GET['id']))) { + $id = $_GET['id'] ; +} + +if ($id == "-1") { + error(ERR_INV_INPUT); +} elseif (!verify_permission(templ_perm_edit)) { + error(ERR_PERM_EDIT_PERM_TEMPL); +} else { + $id = $_GET['id']; + + if (isset($_POST['commit'])) { + update_perm_templ_details($_POST); + } + + $templ_details = get_permission_template_details($id); + $perms_templ = get_permissions_by_template_id($id); + $perms_avail = get_permissions_by_template_id(); + + echo "
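Review bot: The slave-master update near the top of the hunk, `if(isset($_POST['slave_master_change']) && is_numeric($_POST["domain"]) ) { change_zone_slave_master($_POST['domain'], $_POST['new_master']); }`, drops the `level(5)` guard the removed code had and consults neither `$meta_edit` nor the validated `$zone_id`, so unless change_zone_slave_master checks permissions itself (not visible here) any logged-in user can repoint any zone's master by posting a different `domain`. I would gate it on the ownership result and the validated id, `if ($meta_edit && isset($_POST['slave_master_change'])) { change_zone_slave_master($zone_id, $_POST['new_master']); }`, which also means initialising `$meta_edit = "0";` before the `$perm_meta_edit` test so the `if ($meta_edit)` branches below do not read an undefined variable. The `foreach ($_POST['record'] as $record) { edit_record($record); }` loop runs before any permission variable is computed, does not check that `$_POST['record']` is an array, and discards edit_record's return value, which in the inc/record.inc.php hunk is a string on denial or empty content, so a refused edit is a silent no-op for the user. Because that function keys its permission check on the posted `$record['zid']` but updates `WHERE id=$record['rid']`, nothing ties the record to the zone whose ownership was checked; deriving the zone from the record as the removed code did (`recid_to_domid($record['rid'])`), or adding `domain_id` to the UPDATE's WHERE clause, closes that gap, and edit.php should render any non-true result through error().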

" . _('Edit permission template') . "

\n"; + echo "
\n"; + echo " \n"; + + foreach ($templ_details as $templ) { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
" . _('Name') . "
" . _('Description') . "
\n"; + } + + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + + foreach ($perms_avail as $perm_a) { + + echo " \n"; + + $has_perm = ""; + foreach ($perms_templ as $perm_t) { + if (in_array( $perm_a['id'], $perm_t )) { + $has_perm = "checked"; + } + } + + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } + echo "
 " . _('Name') . "" . _('Description') . "
" . $perm_a['name'] . "" . $perm_a['descr'] . "
\n"; + echo " \n"; + echo "
\n"; + +} + +include_once("inc/footer.inc.php"); +?> diff -r c72d6d51f3d3 -r c255196bc447 edit_record.php --- a/edit_record.php Wed Mar 12 20:45:56 2008 +0000 +++ b/edit_record.php Tue Mar 25 22:45:31 2008 +0000 @@ -20,135 +20,94 @@ */ require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); -if (isset($_GET["delid"]) && isset($_GET['delid']) && isset($_GET['id'])) { - delete_record_owner($_GET["domain"],$_GET["delid"],$_GET["id"]); -} +if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } +elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } +else { $perm_view = "none" ; } + +if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } +elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } +else { $perm_content_edit = "none" ; } + +if (verify_permission(zone_meta_edit_others)) { $perm_meta_edit = "all" ; } +elseif (verify_permission(zone_meta_edit_own)) { $perm_meta_edit = "own" ; } +else { $perm_meta_edit = "none" ; } -$xsid = (isset($_GET['id'])) ? $_GET['id'] : $_POST['recordid']; +$user_is_zone_owner = verify_user_is_owner_zoneid($_GET["domain"]); +$zone_type = get_domain_type($_GET["domain"]); +$zone_name = get_domain_name_from_id($_GET["domain"]); -if(!xs(recid_to_domid($xsid))) -{ - error(ERR_RECORD_ACCESS_DENIED); +if ($_POST["commit"]) { + if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) { + error(ERR_PERM_EDIT_RECORD); + } else { + $ret_val = edit_record($_POST["recordid"], $_POST["domainid"], $_POST["name"], $_POST["type"], $_POST["content"], $_POST["ttl"], $_POST["prio"]); + if ( $ret_val == "1" ) { + success(SUC_RECORD_UPD); + } else { + echo "
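Review bot: The id check `if ((isset($_GET['id'])) || (v_num($_GET['id'])))` uses `||` where every other page in this changeset uses `&&`, so any supplied id passes without v_num, and when none is supplied v_num() is called on an undefined index; it should read `if (isset($_GET['id']) && v_num($_GET['id']))`. The later `$id = $_GET['id'];` inside the else branch re-reads the raw parameter and should be dropped, since `$id` already holds the validated value. `update_perm_templ_details($_POST)` receives the whole request body rather than the validated `$id`, so if that function takes the template id from the posted fields (not visible here) the validation above does not cover the template that is actually written. The `in_array( $perm_a['id'], $perm_t )` membership test compares against every column of the row without `strict`, which marks a permission as checked whenever any field of `$perm_t` loosely equals the id; comparing against the single column that carries the permission id is what is meant.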
" . $ret_val . "
\n"; + } + } } -if (isset($_GET['domain'])) { - $domain_name = get_domain_name_from_id($_GET['domain']); -} -if (isset($_POST["commit"]) && isset($_POST['recordid']) && isset($_POST['domainid']) && isset($_POST['name']) && isset($_POST['type']) && isset($_POST['content']) && isset($_POST['ttl']) && isset($_POST['prio'])) -{ - edit_record($_POST["recordid"], $_POST["domainid"], $_POST["name"], $_POST["type"], $_POST["content"], $_POST["ttl"], $_POST["prio"]); - clean_page("edit.php?id=".$_POST["domainid"]); -} elseif(isset($_SESSION['partial_'.$domain_name]) && ($_SESSION["partial_".$domain_name] == 1)) -{ - $db->setLimit(1); - $checkPartial = $db->queryOne("SELECT id FROM record_owners WHERE record_id=".$db->quote($_GET["id"])." AND user_id=".$db->quote($_SESSION["userid"])); - if (empty($checkPartial)) { - error(ERR_RECORD_ACCESS_DENIED); - } -} -include_once("inc/header.inc.php"); -?> -

""

-" . _('Edit record in zone') . " " . $zone_name . "\n"; + +if ( $perm_view == "none" || $perm_view == "own" && $user_is_zone_owner == "0" ) { + error(ERR_PERM_VIEW_RECORD); +} else { + $record = get_record_from_id($_GET["id"]); + echo "
\n"; + echo " \n"; + echo " \n"; + echo " \n"; -$x_result = $db->query("SELECT r.id,u.fullname FROM record_owners as r, users as u WHERE r.record_id=".$db->quote($_GET['id'])." AND u.id=r.user_id"); -if (level(10) && ($x_result->numRows() > 0)) -{ -?> -
-
-
" . _('Name') . "\n"; + echo "  \n"; + echo " " . _('Type') . "\n"; + echo " " . _('Priority') . "\n"; + echo " " . _('Content') . "\n"; + echo " " . _('TTL') . "\n"; + echo "
- - -fetchRow()) - { -?> - - - - -\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } else { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; } -?> -
-   -
?id=&domain=&delid=">trash
" . $record["name"] . "IN" . $record["type"] . "" . $record["content"] . "" . $record["prio"] . "" . $record["ttl"] . "
." . $zone_name . "IN\n"; + echo " \n"; + echo "
- - - -
 
-
- - "> - "> - - - - - - - - - - - - -
-   - - - - -
- - " class="input"> - - - - " class="input"> - -. - IN -   \n"; + echo "

\n"; + echo " \n"; } -?> - -
" class="sinput">" class="input">" class="sinput">
-

-    - -

- -
- + diff -r c72d6d51f3d3 -r c255196bc447 edit_user.php --- a/edit_user.php Wed Mar 12 20:45:56 2008 +0000 +++ b/edit_user.php Tue Mar 25 22:45:31 2008 +0000 @@ -20,88 +20,141 @@ */ require_once("inc/toolkit.inc.php"); - -if($_POST["commit"]) -{ - if($_POST["username"] && $_POST["level"] && $_POST["fullname"]) - { - if(!isset($_POST["active"])) - { - $active = 0; - } - else - { - $active = 1; - } - if(edit_user($_POST["number"], $_POST["username"], $_POST["fullname"], $_POST["email"], $_POST["level"], $_POST["description"], $active, $_POST["password"])) - { - clean_page("users.php"); - } - else - { - error("Error editting user!"); - } - } -} - include_once("inc/header.inc.php"); -if (!level(10)) -{ - error("You do not have the required access level."); +$edit_id = "-1"; +if (isset($_GET['id']) && v_num($_GET['id'])) { + $edit_id = $_GET['id']; } -?> -
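Review bot: The call `$ret_val = edit_record($_POST["recordid"], $_POST["domainid"], $_POST["name"], $_POST["type"], $_POST["content"], $_POST["ttl"], $_POST["prio"]);` no longer matches the function in the inc/record.inc.php hunk, which now takes a single `$record` array and reads `$record['rid']`, `$record['zid']`, `$record['name']` and so on; with the extra arguments ignored, `$record` becomes the scalar record id and every key lookup fails. The permission check above it is also computed from an unvalidated `$_GET["domain"]` while the edit goes to whatever `$_POST["domainid"]` says, and `if ($_POST["commit"])` raises a notice on a plain GET where `isset()` was used before. I would validate the zone id with v_num as edit.php does, use that same value as `zid`, and build the array the function expects:
```php
$zone_id = "-1";
if (isset($_GET['domain']) && v_num($_GET['domain'])) {
    $zone_id = $_GET['domain'];
}
// … unchanged: permission variables; bail out with ERR_INV_INPUT when $zone_id is "-1", as edit.php does …
$user_is_zone_owner = verify_user_is_owner_zoneid($zone_id);
$zone_type = get_domain_type($zone_id);
$zone_name = get_domain_name_from_id($zone_id);
// … unchanged: isset($_POST["commit"]) / SLAVE / permission checks …
        $record = array(
            'rid'     => $_POST["recordid"],
            'zid'     => $zone_id,
            'name'    => $_POST["name"],
            'type'    => $_POST["type"],
            'content' => $_POST["content"],
            'ttl'     => $_POST["ttl"],
            'prio'    => $_POST["prio"],
        );
        $ret_val = edit_record($record);
// … unchanged: SUC_RECORD_UPD / error display of $ret_val …
```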

""

- -
- "> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:">
:">
:
:">
: - -
: - -
:CHECKED>
 
-
- "0" && $i_fullname) { + if(!isset($i_active)) { + $active = 0; + } else { + $active = 1; + } + if(edit_user($edit_id, $i_username, $i_fullname, $i_email, $i_perm_templ, $i_description, $active, $i_password)) { + success(SUC_USER_UPD); + } + } + } + } + + $users = get_user_detail_list($edit_id) ; + + foreach ($users as $user) { + + (($user['active']) == "1") ? $check = " CHECKED" : $check = "" ; + + echo "

" . _('Edit user') . " \"" . $user['fullname'] . "\"

\n"; + echo "
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
" . _('Username') . "
" . _('Fullname') . "
" . _('Password') . "
" . _('Email') . "
" . _('Permission template') . "\n"; + echo " \n"; + echo "
" . _('Description') . "
" . _('Enabled') . "
 
\n"; + echo "
\n"; + + echo "

\n"; + printf(" This user has been assigned the \"%s\" permission template.", $user['tpl_name']); + if ($user['tpl_descr'] != "") { + echo " The description for this template is: \"" . $user['tpl_descr'] . "\"."; + } + echo " Based on this template, this user has the following permissions:"; + echo "

\n"; + echo "
    \n"; + foreach (get_permissions_by_template_id($user['tpl_id']) as $item) { + echo "
  • " . $item['descr'] . " (" . $item['name'] . ")
  • \n"; + } + echo "
\n"; + } +} else { + error(ERR_PERM_EDIT_USER); +} include_once("inc/footer.inc.php"); diff -r c72d6d51f3d3 -r c255196bc447 inc/auth.inc.php --- a/inc/auth.inc.php Wed Mar 12 20:45:56 2008 +0000 +++ b/inc/auth.inc.php Tue Mar 25 22:45:31 2008 +0000 
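Review bot: `$user['fullname']` is echoed unescaped into the heading (`" . _('Edit user') . " \"" . $user['fullname'] . "\""`), as are `$user['tpl_name']`, `$user['tpl_descr']`, `$item['descr']` and `$item['name']` further down; fullname is editable by the user themselves under the new `user_edit_own` permission, so these should go through `htmlspecialchars()` before being printed, and the same applies to the form value attributes in between, which are not legible in this rendering. `printf(" This user has been assigned the \"%s\" permission template.", ...)` and the two sentences after it are the only user-visible strings in the hunk not wrapped in `_()`, so they will never be translated. The `"0" && $i_fullname)` condition and the `$i_*` variables it uses come from lines that are garbled here, so I cannot tell whether they were validated; if they are copied straight from `$_POST`, `$i_perm_templ` at least should pass v_num before edit_user() is called.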
@@ -21,55 +21,57 @@
 //session_start();
-if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout")
-{
- logout();
-}
+function doAuthenticate() {
+ global $db;
+ global $EXPIRE;
+ if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout") {
+ logout();
+ }
-// If a user had just entered his/her login && password, store them in our session.
-if(isset($_POST["authenticate"]))
-{
- $_SESSION["userpwd"] = $_POST["password"];
- $_SESSION["userlogin"] = $_POST["username"];
-}
+ // If a user had just entered his/her login && password, store them in our session.
+ if(isset($_POST["authenticate"]))
+ {
+ $_SESSION["userpwd"] = $_POST["password"];
+ $_SESSION["userlogin"] = $_POST["username"];
+ }
-// Check if the session hasnt expired yet.
-if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
-{
- logout( _('Session expired, please login again.'),"error");
-}
+ // Check if the session hasnt expired yet.
+ if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
+ {
+ logout( _('Session expired, please login again.'),"error");
+ }
-// If the session hasn't expired yet, give our session a fresh new timestamp.
-$_SESSION["lastmod"] = time();
+ // If the session hasn't expired yet, give our session a fresh new timestamp.
+ $_SESSION["lastmod"] = time();
-if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
-{
- //Username and password are set, lets try to authenticate.
- $result = $db->query("SELECT id, fullname, level FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." 
AND active=1");
- if($result->numRows() == 1)
+ if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
 {
- $rowObj = $result->fetchRow();
- $_SESSION["userid"] = $rowObj["id"];
- $_SESSION["name"] = $rowObj["fullname"];
- $_SESSION["level"] = $rowObj["level"];
- if(isset($_POST["authenticate"]))
- {
- //If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
- session_write_close();
- clean_page("index.php");
- exit;
- }
- }
- else
- {
- //Authentication failed, retry.
- auth( _('Authentication failed!'),"error");
+ //Username and password are set, lets try to authenticate.
+ $result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1");
+ if($result->numRows() == 1)
+ {
+ $rowObj = $result->fetchRow();
+ $_SESSION["userid"] = $rowObj["id"];
+ $_SESSION["name"] = $rowObj["fullname"];
+ if($_POST["authenticate"])
+ {
+ //If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
+ session_write_close();
+ clean_page("index.php");
+ exit;
+ }
+ }
+ else
+ {
+ //Authentication failed, retry.
+ auth( _('Authentication failed!'),"error");
+ }
 }
-}
-else
-{
- //No username and password set, show auth form (again).
- auth();
+ else
+ {
+ //No username and password set, show auth form (again).
+ auth();
+ }
 }
 /* 
@@ -105,6 +107,11 @@
+ setOption('portability', MDB2_PORTABILITY_ALL ^ MDB2_PORTABILITY_EMPTY_TO_NULL);
+function dbConnect() {
+ global $dbdsntype;
+ global $dbuser;
+ global $dbpass;
+ global $dbhost;
+ global $dbdatabase;
+ global $sql_regexp;
-if (MDB2::isError($db))
-{
- // Error handling should be put.
- error(MYSQL_ERROR_FATAL, $db->getMessage());
-}
+ $dsn = "$dbdsntype://$dbuser:$dbpass@$dbhost/$dbdatabase";
+ $db = MDB2::connect($dsn);
+ $db->setOption('portability', MDB2_PORTABILITY_ALL ^ MDB2_PORTABILITY_EMPTY_TO_NULL);
-// Do an ASSOC fetch. Gives us the ability to use ["id"] fields.
-$db->setFetchMode(MDB2_FETCHMODE_ASSOC);
-
-/* erase info */
-$mysql_pass = $dsn = '';
+ if (MDB2::isError($db))
+ {
+ // Error handling should be put.
+ error(MYSQL_ERROR_FATAL, $db->getMessage());
+ }
-// Add support for regular expressions in both MySQL and PostgreSQL
-if ( $dbdsntype == "mysql" )
-{
- $sql_regexp = "REGEXP";
-}
-elseif ( $dbdsntype == "pgsql" )
-{
- $sql_regexp = "~";
+ // Do an ASSOC fetch. Gives us the ability to use ["id"] fields.
+ $db->setFetchMode(MDB2_FETCHMODE_ASSOC);
+
+ /* erase info */
+ $mysql_pass = $dsn = '';
+
+ // Add support for regular expressions in both MySQL and PostgreSQL
+ if ( $dbdsntype == "mysql" )
+ {
+ $sql_regexp = "REGEXP";
+ }
+ elseif ( $dbdsntype == "pgsql" )
+ {
+ $sql_regexp = "~";
+ }
+ else
+ {
+ error(_('Unknown database type in inc/config.inc.php.'));
+ };
+ return $db;
 }
-else
-{
- error(_('Unknown database type in inc/config.inc.php.'));
-};
-
 ?>
diff -r c72d6d51f3d3 -r c255196bc447 inc/dns.inc.php
--- a/inc/dns.inc.php Wed Mar 12 20:45:56 2008 +0000
+++ b/inc/dns.inc.php Tue Mar 25 22:45:31 2008 +0000
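Review bot: `if($_POST["authenticate"])` inside the new doAuthenticate() replaces the `isset($_POST["authenticate"])` the removed lines used, so every request without that field now raises an undefined-index notice; keep `if(isset($_POST["authenticate"]))` as the earlier block in the same function still does. The successful-login path sets `$_SESSION["userid"]` and redirects without calling `session_regenerate_id(true)`, so the session id issued before authentication stays valid afterwards. Carried over rather than introduced here, but worth a follow-up now that the logic lives in one function: the plaintext password stays in `$_SESSION["userpwd"]` and is re-checked against the md5 column on every request; authenticating once, keeping only `userid` as the logged-in marker (the expiry check already keys on it) and unsetting `userpwd` would remove the password from the session store, and the unsalted md5 comparison should move to a salted hash.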
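Review bot: In dbConnect() `$db->setOption('portability', ...)` is called before `MDB2::isError($db)` is tested, so when connect fails the method is invoked on the error object before the failure is reported; move the setOption line below the isError block. The `/* erase info */ $mysql_pass = $dsn = '';` pair now only clears two locals of a function that is about to return, while the global `$dbpass` that was interpolated into the DSN is untouched, so the comment no longer describes an effect. Building the DSN as `"$dbdsntype://$dbuser:$dbpass@$dbhost/$dbdatabase"` also breaks for passwords containing `@`, `/` or `:`; MDB2::connect() accepts an array DSN with `phptype`, `username`, `password`, `hostspec` and `database` keys, which avoids both the quoting problem and the need to erase a string.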
@@ -43,129 +43,110 @@ $ip4 = false; $ip6 = false; - if(!in_array(strtoupper($type), $nocheck)) - { - - if(!is_valid_ip6($content)) - { - if(!is_valid_ip($content)) - { - if(!is_valid_hostname($content)) - { + if(!in_array(strtoupper($type), $nocheck)) { + if(!is_valid_ip6($content)) { + if(!is_valid_ip($content)) { + if(!is_valid_hostname($content)) { error(ERR_DNS_CONTENT); - } - else - { + return false; + } else { $hostname = true; } - } - else - { + } else { $ip4 = true; } - } - else - { + } else { $ip6 = true; } } // Prepare total hostname. - if($name == '*') - { + if ($name == '*') { $wildcard = true; } else { $wildcard = false; } - if ($name=="0") { - $name=$name.".".$domain; - } else { - $name = ($name) ? $name.".".$domain : $domain; - } +// TODO: Needs to be checked what this is good for. Since we started insert an array +// in functions like edit_record, "name"'s like "sub-fqdn.example.net" became +// "sub-fqdn.example.net.example.net". +// if ($name=="0") { +// $name=$name.".".$domain; +// } else { +// $name = ($name) ? $name.".".$domain : $domain; +// } if (preg_match('!@\.!i', $name)) { $name = str_replace('@.', '@', $name); } - - if(!$wildcard) - { - if(!is_valid_hostname($name)) - { + if(!$wildcard) { + if(!is_valid_hostname($name)) { error(ERR_DNS_HOSTNAME); + return false; } } // Check record type (if it exists in our allowed list. - if (!in_array(strtoupper($type), get_record_types())) - { + if (!in_array(strtoupper($type), get_record_types())) { error(ERR_DNS_RECORDTYPE); + return false; } // Start handling the demands for the functions. // Validation for IN A records. Can only have an IP. Nothing else. 
- if ($type == 'A' && !$ip4) - { + if ($type == 'A' && !$ip4) { error(ERR_DNS_IPV4); + return false; } - if ($type == 'AAAA' && !$ip6) - { + if ($type == 'AAAA' && !$ip6) { error(ERR_DNS_IPV6); + return false; } - if ($type == 'CNAME' && $hostname) - { - if(!is_valid_cname($name)) - { + if ($type == 'CNAME' && $hostname) { + if(!is_valid_cname($name)) { error(ERR_DNS_CNAME); + return false; } } - if ($type == 'NS') - { + if ($type == 'NS') { $status = is_valid_ns($content, $hostname); - if($status == -1) - { + if($status == -1) { error(ERR_DNS_NS_HNAME); + return false; } - elseif($status == -2) - { + elseif($status == -2) { error(ERR_DNS_NS_CNAME); + return false; } - // Otherwise its ok } - if ($type == 'SOA') - { + if ($type == 'SOA') { $status = is_valid_soa($content, $zoneid); - if($status == -1) - { + if($status == -1) { error(ERR_DNS_SOA_UNIQUE); - // Make nicer error - } - elseif($status == -2) - { + } elseif($status == -2) { error(ERR_DNS_SOA_NUMERIC); + return false; } } // HINFO and TXT require no validation. - if ($type == 'URL') - { - if(!is_valid_url($content)) - { + if ($type == 'URL') { + if(!is_valid_url($content)) { error(ERR_INV_URL); + return false; } } - if ($type == 'MBOXFW') - { - if(!is_valid_mboxfw($content)) - { + if ($type == 'MBOXFW') { + if(!is_valid_mboxfw($content)) { error(ERR_INV_EMAIL); + return false; } } 
@@ -177,36 +158,32 @@ // See if the prio field is valid and if we have one. // If we dont have one and the type is MX record, give it value '10' - if($type == 'NAPTR') - { + if($type == 'NAPTR') { } - if($type == 'MX') - { - if($hostname) - { + if($type == 'MX') { + if($hostname) { $status = is_valid_mx($content, $prio); - if($status == -1) - { + if($status == -1) { error(ERR_DNS_MX_CNAME); + return false; } - elseif($status == -2) - { + elseif($status == -2) { error(ERR_DNS_MX_PRIO); + return false; } + } else { + error( _('If you specify an MX record it must be a hostname.') ); // TODO make error + return false; } - else - { - error( _('If you specify an MX record it must be a hostname.') ); - } - } - else - { + } else { $prio=0; } // Validate the TTL, it has to be numeric. $ttl = (!isset($ttl) || !is_numeric($ttl)) ? $DEFAULT_TTL : $ttl; + + return true; } diff -r c72d6d51f3d3 -r c255196bc447 inc/error.inc.php --- a/inc/error.inc.php Wed Mar 12 20:45:56 2008 +0000 +++ b/inc/error.inc.php Tue Mar 25 22:45:31 2008 +0000 
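Review bot: In the SOA branch the `-1` case still falls through: `if($status == -1) { error(ERR_DNS_SOA_UNIQUE); } elseif($status == -2) { error(ERR_DNS_SOA_NUMERIC); return false; }` — every other failure in this hunk now ends with `return false;`, so add it after `error(ERR_DNS_SOA_UNIQUE);` too. The new return value is also not acted on by the one caller visible in this changeset: edit_record() in inc/record.inc.php calls `validate_input(...)` and then builds the UPDATE unconditionally, so a validation failure is displayed via error() while the record is still written; that call site should become `if (!validate_input(...)) { return false; }` or use the error-string style the function uses elsewhere. With the name-qualification block commented out (the TODO above `if (preg_match('!@\.!i', $name))`), a bare `$name` is now what reaches is_valid_hostname(), so a short label that used to be checked as `label.example.net` may now be judged differently depending on what is_valid_hostname() accepts (not visible here); the TODO should state the intended input form.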
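Review bot: `$ttl = (!isset($ttl) || !is_numeric($ttl)) ? $DEFAULT_TTL : $ttl;` normalises a by-value parameter just before `return true;`, so the caller never sees the corrected value (unless the signature, which is outside this hunk, takes `$ttl` by reference); edit_record() in inc/record.inc.php writes `$record['ttl']` to the UPDATE exactly as posted. Now that the function reports failures with `return false`, treat a non-numeric TTL the same way, `if (!isset($ttl) || !is_numeric($ttl)) { error(ERR_INV_INPUT); return false; }`, and note that `$prio=0` in the non-MX branch is likewise a local assignment the caller does not see. The empty `if($type == 'NAPTR') { }` body deserves either the intended check or a comment saying NAPTR is deliberately not validated.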
@@ -23,9 +23,20 @@
 // if this is the best (or at least a proper) location for this. /RZ.
 require_once("inc/i18n.inc.php");
-/* USER LEVELS */
-define("ERR_LEVEL_5", _('You need user level 5 for this operation'));
-define("ERR_LEVEL_10", _('You need user level 10 for this operation'));
+/* PERMISSIONS */
+define("ERR_PERM_SEARCH", _("You do not have the permission to perform searches."));
+define("ERR_PERM_ADD_RECORD", _("You do not have the permission to add a record to this zone."));
+define("ERR_PERM_EDIT_RECORD", _("You do not have the permission to edit this record."));
+define("ERR_PERM_VIEW_RECORD", _("You do not have the permission to view this record."));
+define("ERR_PERM_DEL_RECORD", _("You do not have the permission to delete this record."));
+define("ERR_PERM_ADD_ZONE_MASTER", _("You do not have the permission to add a master zone."));
+define("ERR_PERM_DEL_ZONE", _("You do not have the permission to delete a zone."));
+define("ERR_PERM_DEL_SM", _("You do not have the permission to delete a supermaster."));
+define("ERR_PERM_VIEW_ZONE", _("You do not have the permission to view this zone."));
+define("ERR_PERM_EDIT_USER", _("You do not have the permission to edit this user."));
+define("ERR_PERM_EDIT_PERM_TEMPL", _("You do not have the permission to edit permission templates."));
+define("ERR_PERM_ADD_USER", _("You do not have the permission to add a new user."));
+define("ERR_PERM_DEL_USER", _("You do not have the permission to delete this user."));
 /* RECORD STUFF */
 define("ERR_RECORD_EMPTY_CONTENT", _('Your content field is empty'));
@@ -34,6 +45,8 @@
 /* DOMAIN STUFF */
 define("ERR_DOMAIN_INVALID", _('This is an invalid zone name'));
+define("ERR_SM_EXISTS", _('There is already a supermaster with this IP address.'));
+define("ERR_DOMAIN_EXISTS", _('There is already a zone with this name.'));
 /* USER STUFF */
 define("ERR_USER_EXIST", _('Username exist already, please choose another one'));
@@ -43,6 +56,7 @@
 define("ERR_USER_EDIT", _('Error editting user'));
 /* OTHER */
+define("ERR_INV_INPUT", _('Invalid or unexpected input given.'));
 define("ERR_INV_ARG", _('Invalid argument(s) given to function %s'));
 define("ERR_INV_ARGC", _('Invalid argument(s) given to function %s %s'));
 define("ERR_UNKNOWN", _('unknown error'));
@@ -52,6 +66,7 @@
 define("ERR_DNS_CONTENT", _('Your content field doesnt have a legit value'));
 define("ERR_DNS_HOSTNAME", _('Invalid hostname'));
 define("ERR_DNS_RECORDTYPE", _('Invalid record type! You shouldnt even been able to get that here'));
+define("ERR_DNS_IP", _('This is not a valid IPv4 or IPv6 address.'));
 define("ERR_DNS_IPV6", _('This is not a valid IPv6 ip.'));
 define("ERR_DNS_IPV4", _('This is not a valid IPv4 ip.'));
 define("ERR_DNS_CNAME", _('This is not a valid CNAME. Did you assign an MX or NS record to the record?'));
@@ -62,4 +77,15 @@
 define("ERR_DNS_SOA_NUMERIC", _('One of your SOA data fields is not numeric!'));
 define("ERR_DNS_SOA_NUMERIC_FIELDS", _('You can only have 5 numeric fields'));
 define("ERR_DNS_SOA_HOSTNAME", _('The first part of your SOA record does not contain a valid hostname for a DNS Server'));
+
+/* GOOD! */
+define("SUC_ZONE_ADD", _('Zone has been added succesfully.'));
+define("SUC_ZONE_DEL", _('Zone has been deleted succesfully.'));
+define("SUC_USER_UPD", _('The user has been updated succesfully.'));
+define("SUC_USER_ADD", _('The user has been created succesfully.'));
+define("SUC_USER_DEL", _('The user has been deleted succesfully.'));
+define("SUC_RECORD_UPD", _('The record has been updated succesfully.'));
+define("SUC_RECORD_DEL", _('The record has been deleted succesfully.'));
+define("SUC_SM_DEL", _('The supermaster has been deleted succesfully.'));
+
 ?>
diff -r c72d6d51f3d3 -r c255196bc447 inc/header.inc.php
--- a/inc/header.inc.php Wed Mar 12 20:45:56 2008 +0000
+++ b/inc/header.inc.php Tue Mar 25 22:45:31 2008 +0000
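Review bot: All eight `SUC_*` strings spell "succesfully" (`_('Zone has been added succesfully.')` and the rest); since these are gettext source strings they become the msgid every translation keys on, so correct them to "successfully" before they land in a catalogue. `ERR_DNS_IP` is added here but none of the inc/dns.inc.php hunks visible in this changeset use it (they keep `ERR_DNS_IPV4` and `ERR_DNS_IPV6`), so either wire it in or add a comment saying what it is reserved for.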
@@ -20,57 +20,57 @@ */ global $STYLE; -?> - - - - <?php echo _('Poweradmin'); ?> - - - -\n"; +echo "\n"; +echo " \n"; +echo " PowerAdmin\n"; +echo " \n"; +echo " \n"; +echo " \n"; + +if(file_exists('inc/custom_header.inc.php')) { include('inc/custom_header.inc.php'); } -?> -

- - - \n"; } -?> -
+echo "
\n"; diff -r c72d6d51f3d3 -r c255196bc447 inc/record.inc.php --- a/inc/record.inc.php Wed Mar 12 20:45:56 2008 +0000 +++ b/inc/record.inc.php Tue Mar 25 22:45:31 2008 +0000 
@@ -19,86 +19,59 @@
 * along with this program. If not, see .
 */
+function count_zone_records($zone_id) {
+ global $db;
+ $sqlq = "SELECT COUNT(id) FROM records WHERE domain_id = ".$db->quote($zone_id);
+ $record_count = $db->queryOne($sqlq);
+ return $record_count;
+}
+
 function update_soa_serial($domain_id)
 {
- global $db;
- /*
- * THIS CODE ISNT TESTED THROUGH MUCH YET!
- * !!!!!!! BETACODE !!!!!!!!!!
- * Code committed by DeViCeD, Thanks a lot!
- * Heavily hax0red by Trancer/azurazu
- *
- * First we have to check, wheather current searial number
- * was already updated on the other nameservers.
- * If field 'notified_serial' is NULL, then I guess domain is
- * NATIVE and we don't have any secondary nameservers for this domain.
- * NOTICE: Serial number *will* be RFC1912 compilant after update
- * NOTICE: This function will allow only 100 DNS zone transfers ;-)
- * YYYYMMDDnn
- */
+ global $db;
 $sqlq = "SELECT notified_serial FROM domains WHERE id = ".$db->quote($domain_id);
 $notified_serial = $db->queryOne($sqlq);
 $sqlq = "SELECT content FROM records WHERE type = 'SOA' AND domain_id = ".$db->quote($domain_id);
 $content = $db->queryOne($sqlq);
- $need_to_update = false;
-
+ $need_to_update = false;
+
 // Getting the serial field.
 $soa = explode(" ", $content);
-
- if(empty($notified_serial))
- {
- // Ok native replication, so we have to update.
- $need_to_update = true;
- }
- elseif($notified_serial >= $soa[2])
- {
- $need_to_update = true;
- }
- elseif(strlen($soa[2]) != 10)
- {
- $need_to_update = true;
- }
- else
- {
- $need_to_update = false;
- }
- if($need_to_update)
- {
- // Ok so we have to update it seems.
- $current_serial = $soa[2];
-
- /*
- * What we need here (for RFC1912) is YEAR, MONTH and DAY
- * so let's get it ...
- */
+
+ if(empty($notified_serial)) {
+ // Ok native replication, so we have to update. 
+ $need_to_update = true;
+ } elseif($notified_serial >= $soa[2]) {
+ $need_to_update = true;
+ } elseif(strlen($soa[2]) != 10) {
+ $need_to_update = true;
+ } else {
+ $need_to_update = false;
+ }
+
+ if($need_to_update) {
+ // Ok so we have to update it seems.
+ $current_serial = $soa[2];
 $new_serial = date('Ymd'); // we will add revision number later
- if(strncmp($new_serial, $current_serial, 8) === 0)
- {
- /*
- * Ok, so we already made updates tonight
- * let's just increase the revision number
- */
- $revision_number = (int) substr($current_serial, -2);
- if ($revision_number == 99) return false; // ok, we cannot update anymore tonight
- ++$revision_number;
- // here it is ... same date, new revision
- $new_serial .= str_pad($revision_number, 2, "0", STR_PAD_LEFT);
- }
- else
- {
- /*
+ if(strncmp($new_serial, $current_serial, 8) === 0) {
+ $revision_number = (int) substr($current_serial, -2);
+ if ($revision_number == 99) return false; // ok, we cannot update anymore tonight
+ ++$revision_number;
+ // here it is ... same date, new revision
+ $new_serial .= str_pad($revision_number, 2, "0", STR_PAD_LEFT);
+ } else {
+ /*
 * Current serial is not RFC1912 compilant, so let's make a new one
 */
- $new_serial .= '00';
+ $new_serial .= '00';
 }
- $soa[2] = $new_serial; // change serial in SOA array
+ $soa[2] = $new_serial; // change serial in SOA array
 $new_soa = ""; // build new soa and update SQL after that
- for ($i = 0; $i < count($soa); $i++)
- {
+ for ($i = 0; $i < count($soa); $i++) {
 $new_soa .= $soa[$i] . " ";
 }
 $sqlq = "UPDATE records SET content = ".$db->quote($new_soa)." WHERE domain_id = ".$db->quote($domain_id)." AND type = 'SOA'"; 
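Review bot: The rewrite of update_soa_serial() deletes the header comment that explained the YYYYMMDDnn scheme, so the `strlen($soa[2]) != 10`, `substr($current_serial, -2)` and `== 99` tests are now unexplained; keep a condensed version above `$need_to_update = false;`, e.g. `// Serial follows RFC1912 YYYYMMDDnn. Bump it when the zone is native (no notified_serial), when the slaves already saw the current serial, or when it is not 10 digits; the two-digit revision allows 99 updates per day.` The rebuild loop `$new_soa .= $soa[$i] . " ";` stores a trailing space in the SOA content; `$new_soa = implode(" ", $soa);` yields the same fields without it, if nothing downstream depends on that space. The `return false` when the revision hits 99 is silent and the caller in the next hunk (edit_record) ignores the result, so the serial is left stale without any message; an error() call before that return would at least surface it.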
@@ -112,147 +85,123 @@ * This function validates it if correct it inserts it into the database. * return values: true if succesful. */ -function edit_record($recordid, $zoneid, $name, $type, $content, $ttl, $prio) -{ - global $db; - if($content == "") - { - error(ERR_RECORD_EMPTY_CONTENT); - } - // Edits the given record (validates specific stuff first) - if (!xs(recid_to_domid($recordid))) - { - error(ERR_RECORD_ACCESS_DENIED); +function edit_record($record) { + + if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } + elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + else { $perm_content_edit = "none" ; } + + $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']); + $zone_type = get_domain_type($record['zid']); + + if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) { + return _("You are not allowed to edit this record.") ; + } else { + if($record['content'] == "") { + return _("Error: content field may not be empty.") ; + } + global $db; + // TODO: no need to check for numeric-ness of zone id if we check with validate_input as well? + if (is_numeric($record['zid'])) { + validate_input($record['zid'], $record['type'], $record['content'], $record['name'], $record['prio'], $record['ttl']); + $query = "UPDATE records + SET name=".$db->quote($record['name']).", + type=".$db->quote($record['type']).", + content=".$db->quote($record['content']).", + ttl=".$db->quote($record['ttl']).", + prio=".$db->quote($record['prio']).", + change_date=".$db->quote(time())." 
+ WHERE id=".$db->quote($record['rid']); + $result = $db->Query($query); + if (PEAR::isError($result)) { + error($result->getMessage()); + return false; + } elseif ($record['type'] != 'SOA') { + update_soa_serial($record['zid']); + } + return true; + } + else + { + // TODO change to error style as above (returning directly) + error(sprintf(ERR_INV_ARGC, "edit_record", "no zoneid given")); + } } - if (is_numeric($zoneid)) - { - validate_input($zoneid, $type, $content, $name, $prio, $ttl); - $change = time(); - $db->query("UPDATE records set name=".$db->quote($name).", type=".$db->quote($type).", content=".$db->quote($content).", ttl=".$db->quote($ttl).", prio=".$db->quote($prio).", change_date=".$db->quote($change)." WHERE id=".$db->quote($recordid)); - - /* - * Added by DeViCeD - Update SOA Serial number - * There should be more checks - */ - if ($type != 'SOA') - { - update_soa_serial($zoneid); - } - return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "edit_record", "no zoneid given")); - } - + return true; } -function add_record_owner($zoneid,$userid,$recordid) -{ - global $db; - if (!xs($zoneid)) - { - error(ERR_RECORD_ACCESS_DENIED); - } - if (is_numeric($zoneid) || is_numeric($userid) || is_numeric($recordid)) - { - $db->query("INSERT INTO record_owners (user_id, record_id) VALUES (".$db->quote($userid).", ".$db->quote($recordid).")"); - return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "add_record_owner", "at least one of the arguments is not numeric")); - } -} - -function delete_record_owner($zoneid,$rowid,$recordid) -{ - global $db; - if (!xs($zoneid)) - { - error(ERR_RECORD_ACCESS_DENIED); - } - if (is_numeric($zoneid) || is_numeric($rowid) || is_numeric($recordid)) - { - $db->query("DELETE FROM record_owners WHERE id=".$db->quote($rowid)." AND record_id=".$db->quote($recordid)); - return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "delete_record_owner", "at least one of the arguments is not numeric")); - } -} - /* * Adds a record. 
* This function validates it if correct it inserts it into the database. * return values: true if succesful. */ -function add_record($zoneid, $name, $type, $content, $ttl, $prio) -{ - +function add_record($zoneid, $name, $type, $content, $ttl, $prio) { global $db; - if (!xs($zoneid)) - { - error(ERR_RECORD_ACCESS_DENIED); - } - if (is_numeric($zoneid)) - { - // Check the user input. - validate_input($zoneid, $type, $content, $name, $prio, $ttl); + + if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } + elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + else { $perm_content_edit = "none" ; } + + $user_is_zone_owner = verify_user_is_owner_zoneid($zoneid); + $zone_type = get_domain_type($zoneid); - // Generate new timestamp for the daemon - $change = time(); - - // Execute query. - $db->query("INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (".$db->quote($zoneid).", ".$db->quote($name).", ".$db->quote($type).", ".$db->quote($content).", ".$db->quote($ttl).", ".$db->quote($prio).", ".$db->quote($change).")"); - if ($type != 'SOA') - { - update_soa_serial($zoneid); + if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) { + error(ERR_PERM_ADD_RECORD); + return false; + } else { + if (validate_input($zoneid, $type, $content, $name, $prio, $ttl) ) { + $change = time(); + $query = "INSERT INTO records VALUES (''," + . $db->quote($zoneid) . "," + . $db->quote($name) . "," + . $db->quote($type) . "," + . $db->quote($content) . "," + . $db->quote($ttl) . "," + . $db->quote($prio) . "," + . $db->quote($change) . 
")"; + $response = $db->query($query); + if (PEAR::isError($response)) { + error($response->getMessage()); + return false; + } else { + if ($type != 'SOA') { update_soa_serial($zoneid); } + return true; + } + } else { + return false; } return true; } - else - { - error(sprintf(ERR_INV_ARG, "add_record")); - } } function add_supermaster($master_ip, $ns_name, $account) { global $db; - if (!is_valid_ip($master_ip) && !is_valid_ip6($master_ip)) - { - error(sprintf(ERR_INV_ARGC, "add_supermaster", "No or no valid ipv4 or ipv6 address given.")); + if (!is_valid_ip($master_ip) && !is_valid_ip6($master_ip)) { + error(ERR_DNS_IP); + return false; } - if (!is_valid_hostname($ns_name)) - { + if (!is_valid_hostname($ns_name)) { error(ERR_DNS_HOSTNAME); + return false; } - if (!validate_account($account)) - { + if (!validate_account($account)) { error(sprintf(ERR_INV_ARGC, "add_supermaster", "given account name is invalid (alpha chars only)")); + return false; } - if (supermaster_exists($master_ip)) - { - error(sprintf(ERR_INV_ARGC, "add_supermaster", "supermaster already exists")); - } - else - { + if (supermaster_exists($master_ip)) { + error(ERR_SM_EXISTS); + return false; + } else { $db->query("INSERT INTO supermasters VALUES (".$db->quote($master_ip).", ".$db->quote($ns_name).", ".$db->quote($account).")"); return true; } } -function delete_supermaster($master_ip) -{ - global $db; - if (!level(5)) - { - error(ERR_LEVEL_5); - } +function delete_supermaster($master_ip) { + global $db; if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) { $db->query("DELETE FROM supermasters WHERE ip = ".$db->quote($master_ip)); @@ -267,10 +216,6 @@ function get_supermaster_info_from_ip($master_ip) { global $db; - if (!level(5)) - { - error(ERR_LEVEL_5); - } if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) { $result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = ".$db->quote($master_ip)); 
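Review bot: In `edit_record` the authorisation check runs against the caller-supplied `$record['zid']` while the UPDATE is keyed only on `$record['rid']`, so nothing ties the record being edited to the zone whose ownership was verified; the code it replaces derived the zone from the record id with `recid_to_domid`. The cheapest fix is to scope the UPDATE to the verified zone, `WHERE id=".$db->quote($record['rid'])." AND domain_id=".$db->quote($record['zid']);`, or to look the zone up from the record id server-side. Two smaller issues in the same function: the return value of `validate_input` is ignored here although `add_record` below branches on it, and the non-numeric-zid branch calls `error()` and then falls through to the trailing `return true;`. The function now returns a translated string on permission failure but `true`/`false` otherwise, which a caller testing the result as a boolean will read as success. `delete_supermaster` in this hunk loses its `level(5)` gate without a `verify_permission` replacement; if the calling page is meant to enforce that, a comment saying so would help.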
@@ -289,48 +234,57 @@ } } +function get_record_details_from_record_id($rid) { + + global $db; + + $query = "SELECT * FROM records WHERE id = " . $db->quote($rid) ; + + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + while ($r = $response->fetchRow()) { + $return[] = array( + "rid" => $r['id'], + "zid" => $r['domain_id'], + "name" => $r['name'], + "type" => $r['type'], + "content" => $r['content'], + "ttl" => $r['ttl'], + "prio" => $r['prio'], + "change_date" => $r['change_date']); + } + return $return; +} /* * Delete a record by a given id. * return values: true, this function is always succesful. */ -function delete_record($id) +function delete_record($rid) { global $db; - // Check if the user has access. - if (!xs(recid_to_domid($id))) - { - error(ERR_RECORD_ACCESS_DENIED); - } + if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } + elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + else { $perm_content_edit = "none" ; } - // Retrieve the type of record to see if we can actually remove it. - $recordtype = get_recordtype_from_id($id); + // Determine ID of zone first. + $record = get_record_details_from_record_id($rid); + $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']); - // If the record type is NS and the user tries to delete it while ALLOW_NS_EDIT is set to 0 - // OR - // check if the name of the record isnt the domain name (if so it should delete all records) - // OR - // check if we are dealing with a SOA field (same story as NS) - if (($recordtype == "NS" && $GLOBALS["ALLOW_NS_EDIT"] != 1 && (get_name_from_record_id($id) == get_domain_name_from_id(recid_to_domid($id)))) || ($recordtype == "SOA" && $GLOBALS["ALLOW_SOA_EDIT"] != 1)) - { - error(sprintf(ERR_RECORD_DELETE_TYPE_DENIED, $recordtype)); - - } - if (is_numeric($id)) - { - $did = recid_to_domid($id); - $db->query('DELETE FROM records WHERE id=' . 
$db->quote($id) ); - if ($type != 'SOA') - { - update_soa_serial($did); + if ( $perm_content_edit == "all" || ($perm_content_edit == "own" && $user_is_zone_owner == "0" )) { + if ($record['type'] == "SOA") { + error(_('You are trying to delete the SOA record. If are not allowed to remove it, unless you remove the entire zone.')); + } else { + $quote = "DELETE FROM records WHERE id = " . $db->quote($rid); + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + return true; } - // $id doesnt exist in database anymore so its deleted or just not there which means "true" - return true; - } - else - { - error(sprintf(ERR_INV_ARG, "delete_record")); + } else { + error(ERR_PERM_DEL_RECORD); + return false; } } 
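Review bot: `delete_record` treats the result of `get_record_details_from_record_id` as a single row, but that helper appends each row to `$return[]` and returns a list, so `$record['zid']` and `$record['type']` are null: the ownership check runs against no zone and the SOA guard never fires. The DELETE statement is built into `$quote` while `$db->query($query)` runs an undefined variable, so the delete never reaches the database. The `own` branch is also inverted, `$user_is_zone_owner == "0"` admits non-owners, the opposite of `delete_domain`'s `== "1"` test in a later hunk. The old code bumped the SOA serial after a delete via `update_soa_serial`; the new code drops that, which looks unintentional. Since the helper selects by primary key it should return one associative row, as sketched below.
```php
function get_record_details_from_record_id($rid) {
    // … unchanged: global $db, SELECT query, PEAR::isError check …
    $r = $response->fetchRow();
    if (!$r) { return false; }
    return array(
        "rid" => $r['id'],
        "zid" => $r['domain_id'],
        // … unchanged: name, type, content, ttl, prio, change_date …
    );
}

function delete_record($rid)
{
    // … unchanged: global $db, permission lookup …
    $record = get_record_details_from_record_id($rid);
    if (!$record) { error(sprintf(ERR_INV_ARG, "delete_record")); return false; }
    $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']);

    if ( $perm_content_edit == "all" || ($perm_content_edit == "own" && $user_is_zone_owner == "1" )) {
        if ($record['type'] == "SOA") {
            error(_('You are trying to delete the SOA record. If are not allowed to remove it, unless you remove the entire zone.'));
            return false;
        } else {
            $query = "DELETE FROM records WHERE id = " . $db->quote($rid);
            $response = $db->query($query);
            if (PEAR::isError($response)) { error($response->getMessage()); return false; }
            update_soa_serial($record['zid']);
            return true;
        }
    }
    // … unchanged: permission-denied branch …
}
```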
@@ -348,104 +302,87 @@ */ function add_domain($domain, $owner, $webip, $mailip, $empty, $type, $slave_master) { + if(verify_permission(zone_master_add)) { $zone_master_add = "1" ; } ; + if(verify_permission(zone_slave_add)) { $zone_slave_add = "1" ; } ; - global $db; + // TODO: make sure only one is possible if only one is enabled + if($zone_master_add == "1" || $zone_master_add == "1") { - if (!level(5)) - { - error(ERR_LEVEL_5); - } + global $db; + if (($domain && $owner && $webip && $mailip) || + ($empty && $owner && $domain) || + (eregi('in-addr.arpa', $domain) && $owner) || + $type=="SLAVE" && $domain && $owner && $slave_master) { + + $response = $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain).", ".$db->quote($type).")"); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } - // If domain, owner and mailip are given - // OR - // empty is given and owner and domain - // OR - // the domain is an arpa record and owner is given - // OR - // the type is slave, domain, owner and slave_master are given - // THAN - // Continue this function - if (($domain && $owner && $webip && $mailip) || ($empty && $owner && $domain) || (eregi('in-addr.arpa', $domain) && $owner) || $type=="SLAVE" && $domain && $owner && $slave_master) - { - // First insert zone into domain table - $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain).", ".$db->quote($type).")"); + $domain_id = $db->lastInsertId('domains', 'id'); + if (PEAR::isError($domain_id)) { error($id->getMessage()); return false; } + + $response = $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($domain_id).", ".$db->quote($owner).")"); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } - // Determine id of insert zone (in other words, find domain_id) - $iddomain = $db->lastInsertId('domains', 'id'); - if (PEAR::isError($iddomain)) { - die($id->getMessage()); - } - - // Second, insert into zones 
tables - $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($iddomain).", ".$db->quote($owner).")"); - - if ($type == "SLAVE") - { - $db->query("UPDATE domains SET master = ".$db->quote($slave_master)." WHERE id = ".$db->quote($iddomain)); - - // Done - return true; - } - else - { - // Generate new timestamp. We need this one anyhow. - $now = time(); + if ($type == "SLAVE") { + $response = $db->query("UPDATE domains SET master = ".$db->quote($slave_master)." WHERE id = ".$db->quote($domain_id)); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + return true; + } else { + $now = time(); + if ($empty && $domain_id) { + $ns1 = $GLOBALS['NS1']; + $hm = $GLOBALS['HOSTMASTER']; + $ttl = $GLOBALS['DEFAULT_TTL']; - if ($empty && $iddomain) - { - // If we come into this if statement we dont want to apply templates. - // Retrieve configuration settings. - $ns1 = $GLOBALS["NS1"]; - $hm = $GLOBALS["HOSTMASTER"]; - $ttl = $GLOBALS["DEFAULT_TTL"]; + $query = "INSERT INTO records VALUES (''," + . $db->quote($domain_id) . "," + . $db->quote($domain) . "," + . $db->quote($ns1.' '.$hm.' 1') + . ",'SOA'," + . $db->quote($ttl) + . ", 0, " + . $db->quote($now).")"; + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + } elseif ($domain_id) { + global $template; - // Build and execute query - $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (".$db->quote($iddomain).", ".$db->quote($domain).", ".$db->quote($ns1.' '.$hm.' 1').", 'SOA', ".$db->quote($ttl).", 0, ".$db->quote($now).")"; - $db->query($sql); - - // Done - return true; - } - elseif ($iddomain) - { - // If we are here we want to apply templates. 
- global $template; + foreach ($template as $r) { + if ((eregi('in-addr.arpa', $domain) && ($r["type"] == "NS" || $r["type"] == "SOA")) || (!eregi('in-addr.arpa', $domain))) + { + $name = parse_template_value($r["name"], $domain, $webip, $mailip); + $type = $r["type"]; + $content = parse_template_value($r["content"], $domain, $webip, $mailip); + $ttl = $r["ttl"]; + $prio = intval($r["prio"]); - // Iterate over the template and apply it for each field. - foreach ($template as $r) - { - // Same type of if statement as previous. - if ((eregi('in-addr.arpa', $domain) && ($r["type"] == "NS" || $r["type"] == "SOA")) || (!eregi('in-addr.arpa', $domain))) - { - // Parse the template. - $name = parse_template_value($r["name"], $domain, $webip, $mailip); - $type = $r["type"]; - $content = parse_template_value($r["content"], $domain, $webip, $mailip); - $ttl = $r["ttl"]; - $prio = intval($r["prio"]); + if (!$ttl) { + $ttl = $GLOBALS["DEFAULT_TTL"]; + } - // If no ttl is given, use the default. - if (!$ttl) - { - $ttl = $GLOBALS["DEFAULT_TTL"]; + $query = "INSERT INTO records VALUES (''," + . $db->quote($domain_id) . "," + . $db->quote($name) . "," + . $db->quote($content) . "," + . $db->quote($type) . "," + . $db->quote($ttl) . "," + . $db->quote($prio) . "," + . $db->quote($now) . ")"; + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } } - - $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (".$db->quote($iddomain).", ".$db->quote($name).", ".$db->quote($content).", ".$db->quote($type).", ".$db->quote($ttl).", ".$db->quote($prio).", ".$db->quote($now).")"; - $db->query($sql); } - } - // All done. 
- return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "add_domain", "could not create zone")); - } + return true; + } else { + error(sprintf(ERR_INV_ARGC, "add_domain", "could not create zone")); + } + } + } else { + error(sprintf(ERR_INV_ARG, "add_domain")); } - } - else - { - error(sprintf(ERR_INV_ARG, "add_domain")); + } else { + error(ERR_PERM_ADD_ZONE_MASTER); + return false; } } @@ -458,24 +395,23 @@ { global $db; - if (!level(5)) - { - error(ERR_LEVEL_5); - } + if (verify_permission(zone_content_edit_others)) { $perm_edit = "all" ; } + elseif (verify_permission(zone_content_edit_own)) { $perm_edit = "own" ; } + else { $perm_edit = "none" ; } + $user_is_zone_owner = verify_user_is_owner_zoneid($id); - // See if the ID is numeric. - if (is_numeric($id)) - { - $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id)); - $db->query("DELETE FROM domains WHERE id=".$db->quote($id)); - $db->query("DELETE FROM records WHERE domain_id=".$db->quote($id)); - // Nothing in the database. If the delete deleted 0 records it means the id is just not there. - // therefore the is no need to check the affectedRows values. - return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "delete_domain", "id must be a number")); + if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) { + if (is_numeric($id)) { + $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id)); + $db->query("DELETE FROM domains WHERE id=".$db->quote($id)); + $db->query("DELETE FROM records WHERE domain_id=".$db->quote($id)); + return true; + } else { + error(sprintf(ERR_INV_ARGC, "delete_domain", "id must be a number")); + return false; + } + } else { + error(ERR_PERM_DEL_ZONE); } } 
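Review bot: In `add_domain` the gate `if($zone_master_add == "1" || $zone_master_add == "1")` tests the master flag twice, so `zone_slave_add` never authorises anything and a user holding only `zone_master_add` can create SLAVE zones, which the TODO above it acknowledges; checking the permission that matches `$type` closes both gaps, e.g. `$allowed = ($type == "SLAVE") ? verify_permission(zone_slave_add) : verify_permission(zone_master_add);` followed by `if ($allowed) {`. The lastInsertId error path calls `error($id->getMessage())` on an undefined `$id`; it should read `$domain_id`. Both `$zone_master_add` and `$zone_slave_add` are only assigned when the permission holds, so the comparison runs on an undefined variable otherwise. The denied branch reports `ERR_PERM_ADD_ZONE_MASTER` for both zone types; with the per-type check a slave denial can carry its own message.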
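Review bot: In `delete_domain` the permission-denied branch calls `error(ERR_PERM_DEL_ZONE)` without the `return false;` that every other denied branch in this patch carries, so the function returns null there while the success path returns `true`. Deleting a whole zone is gated on the `zone_content_edit_*` permissions, while owner changes in a later hunk use `zone_meta_edit_*`; if content-edit is meant to imply the right to delete the zone, a one-line comment above the check, such as `// Zone deletion is granted to anyone who may edit its content, not only meta-data editors.`, would record the decision. The three DELETE queries are not checked with `PEAR::isError`, unlike the queries in `add_domain` just above, so a failure of the first leaves the domain and its records in place without any report.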
@@ -501,93 +437,50 @@ /* - * Sorts a zone by records. - * return values: the sorted zone. - */ -function sort_zone($records) -{ - $ar_so = array(); - $ar_ns = array(); - $ar_mx = array(); - $ar_mb = array(); - $ar_ur = array(); - $ar_ov = array(); - foreach ($records as $c) - { - switch(strtoupper($c['type'])) - { - case "SOA": - $ar_so[] = $c; - break; - case "NS": - $ar_ns[] = $c; - break; - case "MX": - $ar_mx[] = $c; - break; - case "MBOXFW": - $ar_mb[] = $c; - break; - case "URL": - $ar_ur[] = $c; - break; - default: - $ar_ov[] = $c; - break; - } - } - - $res = array_merge($ar_so, $ar_ns, $ar_mx, $ar_mb, $ar_ur, $ar_ov); - - if (count($records) == count($res)) - { - $records = $res; - } - else - { - error(sprintf(ERR_INV_ARGC, "sort_zone", "records sorting failed!")); - } - return $records; -} - - -/* * Change owner of a domain. - * Function should actually be in users.inc.php. But its more of a record modification than a user modification * return values: true when succesful. */ -function add_owner($domain, $newowner) +function add_owner_to_zone($zone_id, $user_id) { global $db; - - if (!level(5)) - { - error(ERR_LEVEL_5); - } - - if (is_numeric($domain) && is_numeric($newowner) && is_valid_user($newowner)) - { - if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($newowner)." AND domain_id=".$db->quote($domain)) == 0) + if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) { + // User is allowed to make change to meta data of this zone. + if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) { - $db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($domain).", ".$db->quote($newowner).")"); + if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." 
AND domain_id=".$db->quote($zone_id)) == 0) + { + $db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($zone_id).", ".$db->quote($user_id).")"); + } + return true; + } else { + error(sprintf(ERR_INV_ARGC, "add_owner_to_zone", "$zone_id / $user_id")); } - return true; - } - else - { - error(sprintf(ERR_INV_ARGC, "change_owner", "$domain / $newowner")); + } else { + return false; } } -function delete_owner($domain, $owner) +function delete_owner_from_zone($zone_id, $user_id) { global $db; - if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($owner)." AND domain_id=".$db->quote($domain)) != 0) - { - $db->query("DELETE FROM zones WHERE owner=".$db->quote($owner)." AND domain_id=".$db->quote($domain)); + if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) { + // User is allowed to make change to meta data of this zone. + if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) + { + // TODO: Next if() required, why not just execute DELETE query? + if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) != 0) + { + $db->query("DELETE FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)); + } + return true; + } else { + error(sprintf(ERR_INV_ARGC, "delete_owner_from_zone", "$zone_id / $user_id")); + } + } else { + return false; } - return true; + } /* 
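Review bot: In both `add_owner_to_zone` and `delete_owner_from_zone` the ownership test reads `verify_user_is_owner_zoneid($_GET["id"])`, a request parameter, rather than the `$zone_id` argument the INSERT and DELETE actually run against; whenever the two differ (presumably the argument can come from a form field or from another page) the check is made for a zone other than the one modified. Replace it in both places with `verify_user_is_owner_zoneid($zone_id)`, which also removes the hidden dependency on the request. The two queries' results are not checked with `PEAR::isError`, unlike the queries elsewhere in this patch. The denied branch returns `false` silently, while every other denied path in the file calls `error()` first, so the caller shows nothing.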
@@ -653,130 +546,37 @@ function get_name_from_record_id($id) { global $db; - if (is_numeric($id)) - { + if (is_numeric($id)) { $result = $db->query("SELECT name FROM records WHERE id=".$db->quote($id)); $r = $result->fetchRow(); return $r["name"]; - } - else - { + } else { error(sprintf(ERR_INV_ARG, "get_name_from_record_id")); } } /* - * Get all the domains from a database of which the user is the owner. - * return values: an array with the id of the domain and its name. - */ -function get_domains_from_userid($id) -{ - global $db; - if (is_numeric($id)) - { - $a_zones = array(); - - // Check for zones the user has full access for (the - // user is owner of the zone. - - $res_full = $db->query("SELECT - domains.id AS domain_id, - domains.name AS name - FROM domains - LEFT JOIN zones ON domains.id=zones.domain_id - WHERE owner=".$db->quote($id)); - - // Process the output. - - $numrows = $res_full->numRows(); - $i=1; - if ($numrows > 0) - { - $andnot=" AND NOT domains.id IN ("; - while($r = $res_full->fetchRow()) { - - // Create array of zone id's and name's the owner - // has full access to. - - $a_zones[] = array( - "id" => $r["domain_id"], - "name" => $r["name"], - "partial" => "0" - ); - - // Create AND NOT for query of zones the user has - // only partial access to. In that query we just - // want to see the zones he has not full access to - // as well. - - $andnot.=$db->quote($r["domain_id"]); - if ($i < $numrows) { - $andnot.=","; - $i++; - } - - } - $andnot.=")"; - } - else - { - $andnot=""; - } - - // Check for zones the user has partial access only to. - - $res_partial = $db->query("SELECT DISTINCT - records.domain_id, - domains.name - FROM records, record_owners, domains - WHERE record_owners.user_id = ".$db->quote($id)." - AND records.id = record_owners.record_id - AND domains.id = records.domain_id - ".$andnot); - - // Add these zones to the array as well. 
- - while ($r = $res_partial->fetchRow()) - { - $a_zones[] = array( - "id" => $r["domain_id"], - "name" => $r["name"], - "partial" => "1" - ); - } - - return $a_zones; - } - else - { - error(sprintf(ERR_INV_ARGC, "get_domains_from_userid", "This is not a valid userid: $id")); - } -} - - -/* * Get domain name from a given id * return values: the name of the domain associated with the id. */ function get_domain_name_from_id($id) { global $db; - if (!xs($id)) - { - error(ERR_RECORD_ACCESS_DENIED); - } + if (is_numeric($id)) { $result = $db->query("SELECT name FROM domains WHERE id=".$db->quote($id)); - if ($result->numRows() == 1) - { + $rows = $result->numRows() ; + if ($rows == 1) { $r = $result->fetchRow(); return $r["name"]; - } - else - { + } elseif ($rows == "0") { + error(sprintf("Zone does not exist.")); + return false; + } else { error(sprintf(ERR_INV_ARGC, "get_domain_name_from_id", "more than one domain found?! whaaa! BAD! BAD! Contact admin!")); + return false; } } else 
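Review bot: `get_domain_name_from_id` drops the `xs($id)` access check and replaces it with only `is_numeric`, so the zone name is returned for any id; if callers are now expected to check `verify_permission` first, as `get_zone_info_from_id` does in a later hunk, a comment above the function stating that it performs no authorisation would help. The new `error(sprintf("Zone does not exist."))` wraps a fixed string in `sprintf` with no arguments and is the only literal, untranslated message among this file's `error()` calls; `error(_("Zone does not exist."))` or an ERR_* constant would match the rest. `$rows == "0"` compares the integer from `numRows()` with a string; `$rows === 0` states the intent. The function's closing `else` branch lies outside the hunk.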
@@ -785,86 +585,34 @@ } } - -/* - * Get information about a domain name from a given domain id. - * the function looks up the domainname, the owner of the domain and the number of records in it. - * return values: an array containing the information. - */ -function get_domain_info_from_id($id) -{ - global $db; - if (!xs($id)) - { - error(ERR_RECORD_ACCESS_DENIED); - } - if (is_numeric($id)) - { +function get_zone_info_from_id($zone_id) { - if ($_SESSION[$id."_ispartial"] == 1) { - - $sqlq = "SELECT - domains.type AS type, - domains.name AS name, - users.fullname AS owner, - count(record_owners.id) AS aantal - FROM domains, users, record_owners, records - - WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." - AND record_owners.record_id = records.id - AND records.domain_id = ".$db->quote($id)." + if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } + elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } + else { $perm_view = "none" ;} - GROUP BY domains.name, owner, users.fullname, domains.type - ORDER BY domains.name"; - - $result = $db->queryRow($sqlq); + if ($perm_view == "none") { + error(ERR_PERM_VIEW_ZONE); + } else { + global $db; - $ret = array( - "name" => $result["name"], - "ownerid" => $_SESSION["userid"], - "owner" => $result["owner"], - "type" => $result["type"], - "numrec" => $result["aantal"] - ); - - return $ret; + $query = "SELECT domains.type AS type, + domains.name AS name, + domains.master AS master_ip, + count(records.domain_id) AS record_count + FROM domains, records + WHERE domains.id = " . $db->quote($zone_id) . " + AND domains.id = records.domain_id + GROUP BY domains.id"; - } else{ - - // Query that retrieves the information we need. 
- $sqlq = "SELECT - domains.type AS type, - domains.name AS name, - min(zones.owner) AS ownerid, - users.fullname AS owner, - count(records.domain_id) AS aantal - FROM domains - LEFT JOIN records ON domains.id=records.domain_id - LEFT JOIN zones ON domains.id=zones.domain_id - LEFT JOIN users ON zones.owner=users.id - WHERE domains.id=$id - GROUP BY domains.name, owner, users.fullname, domains.type, zones.id - ORDER BY zones.id"; - - // Put the first occurence in an array and return it. - $result = $db->queryRow($sqlq); - - //$result["ownerid"] = ($result["ownerid"] == NULL) ? $db->queryOne("select min(id) from users where users.level=10") : $result["ownerid"]; - - $ret = array( - "name" => $result["name"], - "ownerid" => $result["ownerid"], - "owner" => $result["owner"], - "type" => $result["type"], - "numrec" => $result["aantal"] - ); - return $ret; - } - - } - else - { - error(sprintf(ERR_INV_ARGC, "get_domain_num_records_from_id", "This is not a valid domainid: $id")); + $response = $db->queryRow($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + $return = array( + "name" => $response['name'], + "type" => $response['type'], + "master_ip" => $response['master_ip'], + "record_count" => $response['record_count']); + return $return; } } @@ -877,24 +625,14 @@ { global $db; - if (!level(5)) - { - error(ERR_LEVEL_5); - } - if (is_valid_domain($domain)) - { + if (is_valid_domain($domain)) { $result = $db->query("SELECT id FROM domains WHERE name=".$db->quote($domain)); - if ($result->numRows() == 0) - { + if ($result->numRows() == 0) { return false; - } - elseif ($result->numRows() >= 1) - { + } elseif ($result->numRows() >= 1) { return true; } - } - else - { + } else { error(ERR_DOMAIN_INVALID); } } 
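Review bot: `get_zone_info_from_id` only refuses `$perm_view == "none"`; a user whose permission is `own` is never checked against the zone, so anyone with `zone_content_view_own` can read the name, type and master IP of any zone id. Extend the gate to `if ($perm_view == "none" || ($perm_view == "own" && verify_user_is_owner_zoneid($zone_id) == "0")) { error(ERR_PERM_VIEW_ZONE); return false; }`, which also adds the `return false;` the denied branch is missing. The new query joins `domains, records` on `domains.id = records.domain_id`, an inner join, so a zone that has no records yet returns no row and the function hands back an array of nulls; the query it replaces used `LEFT JOIN records`. `$zone_id` is also used without the `is_numeric` check the old code had, though `$db->quote` keeps the SQL itself safe.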
@@ -902,17 +640,16 @@ function get_supermasters() { global $db; - $result = $db->query("SELECT ip, nameserver, account FROM supermasters"); + + $result = $db->query("SELECT ip, nameserver, account FROM supermasters"); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + $ret = array(); - if($result->numRows() == 0) - { + if($result->numRows() == 0) { return -1; - } - else - { - while ($r = $result->fetchRow()) - { + } else { + while ($r = $result->fetchRow()) { $ret[] = array( "master_ip" => $r["ip"], "ns_name" => $r["nameserver"], @@ -926,10 +663,6 @@ function supermaster_exists($master_ip) { global $db; - if (!level(5)) - { - error(ERR_LEVEL_5); - } if (is_valid_ip($master_ip) || is_valid_ip6($master_ip)) { $result = $db->query("SELECT ip FROM supermasters WHERE ip = ".$db->quote($master_ip)); 
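Review bot: In `get_supermasters` the new error check reads `if (PEAR::isError($response))` but the query result is stored in `$result`, so `$response` is undefined, the check never fires, and a failed query proceeds to `$result->numRows()` on a PEAR_Error object. It should read `if (PEAR::isError($result)) { error($result->getMessage()); return false; }`. The function also still returns `-1` for an empty table while the other new code in this patch returns `false` on error and an array otherwise; callers have to know about both conventions.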
@@ -949,206 +682,92 @@ } -/* - * Get all domains from the database - * This function gets all the domains from the database unless a user id is below 5. - * if a user id is below 5 this function will only retrieve records for that user. - * return values: the array of domains or -1 if nothing is found. - */ -function get_domains($userid=true,$letterstart='all',$rowstart=0,$rowamount=999999) +function get_zones($perm,$userid=0,$letterstart=all,$rowstart=0,$rowamount=999999) { global $db; global $sql_regexp; - if((!level(5) || !$userid) && !level(10) && !level(5)) - { - $add = " AND zones.owner=".$db->quote($_SESSION["userid"]); + if ($perm != "own" && $perm != "all") { + error(ERR_PERM_VIEW_ZONE); + return false; } else { - $add = ""; + if ($perm == "own") { + $sql_add = " AND zones.domain_id = domains.id + AND zones.owner = ".$db->quote($userid); + } + if ($letterstart!=all && $letterstart!=1) { + $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; + } elseif ($letterstart==1) { + $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; + } } - - $sqlq = "SELECT domains.id AS domain_id, - min(zones.owner) AS owner, - count(DISTINCT records.id) AS aantal, - domains.name AS domainname - FROM domains - LEFT JOIN zones ON domains.id=zones.domain_id - LEFT JOIN records ON records.domain_id=domains.id - WHERE 1=1 $add "; - if ($letterstart!='all' && $letterstart!=1) { - $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letterstart); - } elseif ($letterstart==1) { - $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; - } - $sqlq.=" GROUP BY domainname, domains.id - ORDER BY domainname"; - + + $sqlq = "SELECT domains.id, + domains.name, + domains.type, + COUNT(DISTINCT records.id) AS count_records + FROM domains + LEFT JOIN zones ON domains.id=zones.domain_id + LEFT JOIN records ON records.domain_id=domains.id + WHERE 1=1".$sql_add." 
+ GROUP BY domains.name, domains.id + ORDER BY domains.name"; + $db->setLimit($rowamount, $rowstart); $result = $db->query($sqlq); - // Set limit needs to be called before each query - $db->setLimit($rowamount, $rowstart); - $result2 = $db->query($sqlq); - - $numrows = $result2->numRows(); - $i=1; - if ($numrows > 0) { - $andnot=" AND NOT domains.id IN ("; - while($r = $result2->fetchRow()) { - $andnot.=$db->quote($r["domain_id"]); - if ($i < $numrows) { - $andnot.=","; - $i++; - } - } - $andnot.=")"; - } - else - { - $andnot=""; - } - - if ($letterstart!='all' && $letterstart!=1) { - - $sqlq = "SELECT domains.id AS domain_id, - count(DISTINCT record_owners.record_id) AS aantal, - domains.name AS domainname - FROM domains, record_owners,records, zones - WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." - AND (records.id = record_owners.record_id - AND domains.id = records.domain_id) - $andnot - AND domains.name LIKE ".$db->quote($letterstart."%")." - AND (zones.domain_id != records.domain_id AND zones.owner!=".$db->quote($_SESSION["userid"]).") - GROUP BY domainname, domains.id - ORDER BY domainname"; - - $result_extra = $db->query($sqlq); - - } else { - - $sqlq = "SELECT domains.id AS domain_id, - count(DISTINCT record_owners.record_id) AS aantal, - domains.name AS domainname - FROM domains, record_owners,records, zones - WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." - AND (records.id = record_owners.record_id - AND domains.id = records.domain_id) - $andnot"; - if ($letterstart != 'all') { - $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; - } - $sqlq .= "AND (zones.domain_id != records.domain_id AND zones.owner!=".$db->quote($_SESSION["userid"]).") - GROUP BY domainname, domains.id - ORDER BY domainname"; - - $result_extra[$i] = $db->query($sqlq); - - } while($r = $result->fetchRow()) { - $r["owner"] = ($r["owner"] == NULL) ? 
$db->queryOne("select min(id) from users where users.level=10") : $r["owner"]; - $ret[$r["domainname"]] = array( - "name" => $r["domainname"], - "id" => $r["domain_id"], - "owner" => $r["owner"], - "numrec" => $r["aantal"] - ); + $ret[$r["name"]] = array( + "id" => $r["id"], + "name" => $r["name"], + "type" => $r["type"], + "count_records" => $r["count_records"] + ); } - - - if ($letterstart!='all' && $letterstart!=1) { - - while($r = $result_extra->fetchRow()) - { - $ret[$r["domainname"]] = array( - "name" => $r["domainname"]."*", - "id" => $r["domain_id"], - "owner" => $_SESSION["userid"], - "numrec" => $r["aantal"] - ); - $_SESSION["partial_".$r["domainname"]] = 1; - } - - } else { - - foreach ($result_extra as $result_e) { - while($r = $result_e->fetchRow()) - { - $ret[$r["domainname"]] = array( - "name" => $r["domainname"]."*", - "id" => $r["domain_id"], - "owner" => $_SESSION["userid"], - "numrec" => $r["aantal"] - ); - $_SESSION["partial_".$r["domainname"]] = 1; - } - } - - } - - if (empty($ret)) { - return -1; - } else { - sort($ret); - return $ret; - } - + return $ret; } - -/* - * zone_count - * Does a select query to count how many zones we have in the database - * - * @todo: see whether or not it is possible to add the records - * @param $userid integer The userid of the current user - * @return integer the number of zones - */ - -function zone_count($userid=true, $letterstart='all') { - global $db; +// TODO: letterstart limitation and userid permission limitiation should be applied at the same time? +function zone_count_ng($perm, $letterstart=all) { + global $db; global $sql_regexp; - if((!level(5) || !$userid) && !level(10) && !level(5)) - { - // First select the zones for which we have ownership on one or more records. - $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$db->quote($_SESSION['userid']).' 
AND records.id = record_owners.record_id'; - $result = $db->query($query); - $zones = array(); - if (!PEAR::isError($result)) { - $zones = $result->fetchCol(); + if ($perm != "own" && $perm != "all") { + $zone_count = "0"; + } + else + { + if ($perm == "own") { + $sql_add = " AND zones.domain_id = domains.id + AND zones.owner = ".$db->quote($_SESSION['userid']); + } + if ($letterstart!=all && $letterstart!=1) { + $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; + } elseif ($letterstart==1) { + $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; } - - $add = " AND (zones.owner=".$db->quote($_SESSION["userid"]); - if (count($zones) > 0) { - $add .= ' OR zones.domain_id IN ('.implode(',', $zones).') '; - } - $add .= ')'; - } - else - { - $add = ""; - } + $sqlq = "SELECT COUNT(distinct domains.id) AS count_zones + FROM domains,zones + WHERE 1=1 + ".$sql_add.";"; + + $zone_count = $db->queryOne($sqlq); + } + return $zone_count; +} - if ($letterstart!='all' && $letterstart!=1) { - $add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." "; - } elseif ($letterstart==1) { - $add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'"; - } +function zone_count_for_uid($uid) { + global $db; + $query = "SELECT COUNT(domain_id) + FROM zones + WHERE owner = " . $db->quote($uid) . " + ORDER BY domain_id"; + $zone_count = $db->queryOne($query); + return $zone_count; +} - if (level(5)) - { - $query = 'SELECT count(distinct domains.id) as zone_count FROM domains WHERE 1=1 '.$add; - } - else - { - $query = 'SELECT count(distinct zones.domain_id) as zone_count FROM zones, domains WHERE zones.domain_id = domains.id '.$add; - } - $numRows = $db->queryOne($query); - return $numRows; -} /* * Get a record from an id. 
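Review bot: `get_zones` and `zone_count_ng` use a bare `all` as the `$letterstart` default and in the `!=all` comparisons; PHP resolves an undefined constant to the string "all" only with a notice, and the code they replace wrote `'all'`. `$sql_add` is never initialised, so for `$perm == "all"` with no letter filter the `.` concatenation operates on an undefined variable; `$sql_add = "";` before the branches fixes it. `zone_count_ng` reads the owner from `$_SESSION['userid']` while `get_zones` takes `$userid` as a parameter; the two are presumably called together and should take the owner the same way. `zone_count_for_uid` puts `ORDER BY domain_id` on a single-row aggregate, which is meaningless and rejected by some SQL modes. `get_zones` also returns an undefined `$ret` when no rows match where the old code returned `-1`; initialise `$ret = array();` and check the query result with `PEAR::isError` as done elsewhere in the patch.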
@@ -1169,15 +788,15 @@ { $r = $result->fetchRow(); $ret = array( - "id" => $r["id"], - "domain_id" => $r["domain_id"], - "name" => $r["name"], - "type" => $r["type"], - "content" => $r["content"], - "ttl" => $r["ttl"], - "prio" => $r["prio"], - "change_date" => $r["change_date"] - ); + "id" => $r["id"], + "domain_id" => $r["domain_id"], + "name" => $r["name"], + "type" => $r["type"], + "content" => $r["content"], + "ttl" => $r["ttl"], + "prio" => $r["prio"], + "change_date" => $r["change_date"] + ); return $ret; } else 
@@ -1197,58 +816,53 @@ * Retrieve all fields of the records and send it back to the function caller. * return values: the array with information, or -1 is nothing is found. */ -function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999) -{ +function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999) { global $db; - if (is_numeric($id)) - { + if (is_numeric($id)) { if ($_SESSION[$id."_ispartial"] == 1) { - $db->setLimit($rowamount, $rowstart); - $result = $db->query("SELECT record_owners.record_id as id - FROM record_owners,domains,records - WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])." - AND record_owners.record_id = records.id - AND records.domain_id = ".$db->quote($id)." - GROUP bY record_owners.record_id"); + $db->setLimit($rowamount, $rowstart); + $result = $db->query("SELECT record_owners.record_id as id + FROM record_owners,domains,records + WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"]) . " + AND record_owners.record_id = records.id + AND records.domain_id = " . $db->quote($id) . " + GROUP BY record_owners.record_id"); - $ret = array(); - if($result->numRows() == 0) - { - return -1; - } - else - { - $ret[] = array(); - $retcount = 0; - while($r = $result->fetchRow()) - { - // Call get_record_from_id for each row. - $ret[$retcount] = get_record_from_id($r["id"]); - $retcount++; - } - return $ret; - } + $ret = array(); + if($result->numRows() == 0) { + return -1; + } else { + $ret[] = array(); + $retcount = 0; + while($r = $result->fetchRow()) + { + // Call get_record_from_id for each row. 
+ $ret[$retcount] = get_record_from_id($r["id"]); + $retcount++; + } + return $ret; + } } else { - $db->setLimit($rowamount, $rowstart); - $result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id)); - $ret = array(); - if($result->numRows() == 0) - { - return -1; - } - else - { - $ret[] = array(); - $retcount = 0; - while($r = $result->fetchRow()) + $db->setLimit($rowamount, $rowstart); + $result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id)); + $ret = array(); + if($result->numRows() == 0) + { + return -1; + } + else { - // Call get_record_from_id for each row. - $ret[$retcount] = get_record_from_id($r["id"]); - $retcount++; + $ret[] = array(); + $retcount = 0; + while($r = $result->fetchRow()) + { + // Call get_record_from_id for each row. + $ret[$retcount] = get_record_from_id($r["id"]); + $retcount++; + } + return $ret; } - return $ret; - } } } 
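Review bot: The `if ($_SESSION[$id."_ispartial"] == 1)` branch of get_records_from_domain_id is now unreachable in practice: the only code that set that session key, xs() in inc/toolkit.inc.php, is deleted by this same changeset, so the record_owners path can no longer be selected and nothing left in this function restricts the returned records by zone ownership. That moves the per-zone view check entirely onto every caller, which is easy to forget; either remove the stale branch or replace it with an explicit check against the new permission functions. At minimum add `// NOTE: no access check here - the caller must have verified the zone permission for $id` above the query so the contract is visible.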
@@ -1259,165 +873,164 @@ } -function get_users_from_domain_id($id) -{ +function get_users_from_domain_id($id) { global $db; - $result = $db->queryCol("SELECT owner FROM zones WHERE domain_id=".$db->quote($id)); - $ret = array(); - foreach($result as $uid) - { - $fullname = $db->queryOne("SELECT fullname FROM users WHERE id=".$db->quote($uid)); - $ret[] = array( - "id" => $uid, - "fullname" => $fullname - ); + $sqlq = "SELECT owner FROM zones WHERE domain_id =" .$db->quote($id); + $id_owners = $db->query($sqlq); + if ($id_owners->numRows() == 0) { + return -1; + } else { + while ($r = $id_owners->fetchRow()) { + $fullname = $db->queryOne("SELECT fullname FROM users WHERE id=".$r['owner']); + $owners[] = array( + "id" => $r['owner'], + "fullname" => $fullname + ); + } } - return $ret; + return $owners; } -function search_record($question) -{ + +function search_zone_and_record($holy_grail,$perm) { + global $db; - $question = trim($question); + + $holy_grail = trim($holy_grail); + + if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } + elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } + else { $perm_view = "none" ; } + + if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; } + elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; } + else { $perm_content_edit = "none" ; } + + // Search for matching domains - if (is_valid_search($question)) - { - $sqlq = "SELECT * - FROM records - WHERE content LIKE ".$db->quote($question)." - OR name LIKE ".$db->quote($question)." 
- ORDER BY type DESC"; - $result = $db->query($sqlq); - $ret_r = array(); - while ($r = $result->fetchRow()) - { - if(xs($r['domain_id'])) - { - $ret_r[] = array( - 'id' => $r['id'], - 'domain_id' => $r['domain_id'], - 'name' => $r['name'], - 'type' => $r['type'], - 'content' => $r['content'], - 'ttl' => $r['ttl'], - 'prio' => $r['prio'], - 'change_date' => $r['change_date'] - ); - } - } + if ($perm == "own") { + $sql_add_from = ", zones "; + $sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($userid); + } + + $query = "SELECT + domains.id AS zid, + domains.name AS name, + domains.type AS type, + domains.master AS master + FROM domains" . $sql_add_from . " + WHERE domains.name LIKE " . $db->quote($holy_grail) + . $sql_add_where ; + + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } - $sqlq = "SELECT domains.id, domains.name, count(records.id) AS numrec, zones.owner, records.domain_id - FROM domains LEFT JOIN records ON domains.id = records.domain_id, zones - WHERE zones.domain_id = domains.id - AND domains.name LIKE ".$db->quote($question)." - GROUP BY domains.id, domains.name, zones.owner, records.domain_id"; - $result = $db->query($sqlq); - $ret_d = array(); - while ($r = $result->fetchRow()) - { - if(xs($r['id'])) - { - $ret_d[] = array( - 'id' => $r['id'], - 'name' => $r['name'], - 'numrec' => $r['numrec'], - 'owner' => $r['owner'] - ); - } - } - return array('domains' => $ret_d, 'records' => $ret_r); - } - else - { - error(sprintf(ERR_INV_ARGC, "search_record", "Invalid searchstring: $question")); + while ($r = $response->fetchRow()) { + $return_zones[] = array( + "zid" => $r['zid'], + "name" => $r['name'], + "type" => $r['type'], + "master" => $r['master']); } + // Search for matching records + + if ($perm == "own") { + $sql_add_from = ", zones "; + $sql_add_where = " AND zones.domain_id = record.id AND zones.owner = " . 
$db->quote($userid); + } + + $query = "SELECT + records.id AS rid, + records.name AS name, + records.type AS type, + records.content AS content, + records.ttl AS ttl, + records.prio AS prio, + records.domain_id AS zid + FROM records" . $sql_add_from . " + WHERE (records.name LIKE " . $db->quote($holy_grail) . " OR records.content LIKE " . $db->quote($holy_grail) . ")" + . $sql_add_where ; + + $response = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + while ($r = $response->fetchRow()) { + $return_records[] = array( + "rid" => $r['rid'], + "name" => $r['name'], + "type" => $r['type'], + "content" => $r['content'], + "ttl" => $r['ttl'], + "zid" => $r['zid'], + "prio" => $r['prio']); + } + return array('zones' => $return_zones, 'records' => $return_records); } -function get_domain_type($id) -{ +function get_domain_type($id) { global $db; - if (is_numeric($id)) - { + if (is_numeric($id)) { $type = $db->queryOne("SELECT type FROM domains WHERE id = ".$db->quote($id)); - if($type == "") - { + if ($type == "") { $type = "NATIVE"; } return $type; - } - else - { + } else { error(sprintf(ERR_INV_ARG, "get_record_from_id", "no or no valid zoneid given")); } } -function get_domain_slave_master($id) -{ +function get_domain_slave_master($id){ global $db; - if (is_numeric($id)) - { + if (is_numeric($id)) { $slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = ".$db->quote($id)); return $slave_master; - } - else - { + } else { error(sprintf(ERR_INV_ARG, "get_domain_slave_master", "no or no valid zoneid given")); } } -function change_domain_type($type, $id) +function change_zone_type($type, $id) { global $db; $add = ''; if (is_numeric($id)) { - // It is not really neccesary to clear the master field if a - // zone is not of the type "slave" as powerdns will ignore that - // fiedl, but it is cleaner anyway. 
- if ($type != "SLAVE") - { + // It is not really neccesary to clear the field that contains the IP address + // of the master if the type changes from slave to something else. PowerDNS will + // ignore the field if the type isn't something else then slave. But then again, + // it's much clearer this way. + if ($type != "SLAVE") { $add = ", master=''"; } - $result = $db->query("UPDATE domains SET type = " .$db->quote($type). $add." WHERE id = ".$db->quote($id)); - } - else - { + $result = $db->query("UPDATE domains SET type = " . $db->quote($type) . $add . " WHERE id = ".$db->quote($id)); + } else { error(sprintf(ERR_INV_ARG, "change_domain_type", "no or no valid zoneid given")); } } -function change_domain_slave_master($id, $slave_master) -{ +function change_zone_slave_master($zone_id, $ip_slave_master) { global $db; - if (is_numeric($id)) - { - if (is_valid_ip($slave_master) || is_valid_ip6($slave_master)) - { - $result = $db->query("UPDATE domains SET master = " .$db->quote($slave_master). " WHERE id = ".$db->quote($id)); + if (is_numeric($zone_id)) { + if (is_valid_ip($ip_slave_master) || is_valid_ip6($ip_slave_master)) { + $result = $db->query("UPDATE domains SET master = " .$db->quote($ip_slave_master). " WHERE id = ".$db->quote($zone_id)); + } else { + error(sprintf(ERR_INV_ARGC, "change_domain_ip_slave_master", "This is not a valid IPv4 or IPv6 address: $ip_slave_master")); } - else - { - error(sprintf(ERR_INV_ARGC, "change_domain_slave_master", "This is not a valid IPv4 or IPv6 address: $slave_master")); - } - } - else - { + } else { error(sprintf(ERR_INV_ARG, "change_domain_type", "no or no valid zoneid given")); } } -function validate_account($account) -{ - - if(preg_match("/^[A-Z0-9._-]+$/i",$account)) - { +function validate_account($account) { + if(preg_match("/^[A-Z0-9._-]+$/i",$account)) { return true; - } - else - { + } else { return false; } } + + ?> diff -r c72d6d51f3d3 -r c255196bc447 inc/toolkit.inc.php 
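Review bot: search_zone_and_record() only restricts results when `$perm == "own"`; for any other value, including "none", both the domain and the record query run unfiltered, so a caller that computed `$perm` as "none" still receives every zone and record in the database. Inside the "own" branch `$userid` is never assigned (the function receives only `$holy_grail` and `$perm`), so `$db->quote($userid)` quotes an undefined value, and the record filter joins `zones.domain_id = record.id` instead of `records.domain_id`, so that branch cannot match correctly either. `$sql_add_from`, `$sql_add_where`, `$return_zones` and `$return_records` are used before being initialised, and the `$perm_view`/`$perm_content_edit` values computed at the top are never read; the old is_valid_search() guard on the search string was also dropped without replacement. Suggested shape of the fix:
```php
function search_zone_and_record($holy_grail,$perm) {
    global $db;

    $holy_grail = trim($holy_grail);
    $userid = $_SESSION['userid'];
    $sql_add_from = "";
    $sql_add_where = "";
    $return_zones = array();
    $return_records = array();

    // Anything other than "own"/"all" gets nothing back instead of everything.
    if ($perm != "own" && $perm != "all") {
        return array('zones' => $return_zones, 'records' => $return_records);
    }
    if ($perm == "own") {
        $sql_add_from = ", zones ";
        $sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($userid);
    }
    // … unchanged: domain query and result loop …
    if ($perm == "own") {
        $sql_add_where = " AND zones.domain_id = records.domain_id AND zones.owner = " . $db->quote($userid);
    }
    // … unchanged: record query, result loop and return …
```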
--- a/inc/toolkit.inc.php Wed Mar 12 20:45:56 2008 +0000 +++ b/inc/toolkit.inc.php Tue Mar 25 22:45:31 2008 +0000 @@ -22,7 +22,6 @@ session_start(); - if(!@include_once("config.inc.php")) { error( _('You have to create a config.inc.php!') ); @@ -79,6 +78,9 @@ require_once("dns.inc.php"); require_once("record.inc.php"); +$db = dbConnect(); +doAuthenticate(); + /************* * Functions * @@ -92,7 +94,7 @@ { if ($amount > $rowamount) { if (!isset($_GET["start"])) $_GET["start"]=1; - echo _('Show page') . "
"; + echo _('Show page') . ":
"; for ($i=1;$i<=ceil($amount / $rowamount);$i++) { if ($_GET["start"] == $i) { echo "[ ".$i." ] "; @@ -111,7 +113,7 @@ function show_letters($letterstart,$userid=true) { - echo _('Show zones beginning with:') . "
"; + echo _('Show zones beginning with') . ":
"; $letter = "[[:digit:]]"; if ($letterstart == "1") @@ -148,68 +150,42 @@ { global $db; global $sql_regexp; - $sqlq = "SELECT domains.id AS domain_id, - zones.owner, - records.id, - domains.name AS domainname - FROM domains - LEFT JOIN zones ON domains.id=zones.domain_id - LEFT JOIN records ON records.domain_id=domains.id - WHERE 1=1"; - if((!level(5) || !$userid) && !level(10) && !level(5)) - { - // First select the zones for which we have ownership on one or more records. - $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$db->quote($_SESSION['userid']).' AND records.id = record_owners.record_id'; - $result = $db->query($query); - $zones = array(); - if (!PEAR::isError($result)) { - $zones = $result->fetchCol(); - } - - $sqlq .= " AND (zones.owner=".$db->quote($_SESSION["userid"]); - if (count($zones) > 0) { - $sqlq .= ' OR zones.domain_id IN ('.implode(',', $zones).') '; - - } - $sqlq .= ')'; - } - $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter); - $db->setLimit(1); - $result = $db->query($sqlq); + $query = "SELECT + domains.id AS domain_id, + zones.owner, + records.id, + domains.name AS domainname + FROM domains + LEFT JOIN zones ON domains.id=zones.domain_id + LEFT JOIN records ON records.domain_id=domains.id + AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter); + $db->setLimit(1); + $result = $db->query($query); $numrows = $result->numRows(); - if ( $numrows == "1" ) - { + if ( $numrows == "1" ) { return 1; - } - else - { + } else { return 0; } } -/* - * Print a nice useraimed error. - */ -function error($msg) -{ - // General function for printing critical errors. - if ($msg) - { - include_once("header.inc.php"); - ?> -

-

- Error: " . $msg . "
\n"; + } else { + echo "
" . _('An unknown error has occurred.') . "
\n"; } } +function success($msg) { + if ($msg) { + echo "
" . $msg . "
\n"; + } else { + echo "
" . _('Something has been successfully performed. What exactly, however, will remain a mystery.') . "
\n"; + } +} + + /* * Something has been done nicely, display a message and a back button. */ @@ -268,47 +244,6 @@ } } -function level($l) -{ - if ($_SESSION["level"] >= $l) - { - return 1; - } - else - { - return 0; - } -} - -function xs($zoneid) -{ - global $db; - if (is_numeric($zoneid) && is_numeric($_SESSION["level"])) - { - $result = $db->query("SELECT id FROM zones WHERE owner=".$db->quote($_SESSION["userid"])." AND domain_id=".$db->quote($zoneid)); - $db->setLimit(1); - $result_extra = $db->query("SELECT record_owners.id FROM record_owners,records WHERE record_owners.user_id=".$db->quote($_SESSION["userid"])." AND records.domain_id = ".$db->quote($zoneid)." AND records.id = record_owners.record_id"); - - if ($result->numRows() == 1 || $_SESSION["level"] >= 5) - { - $_SESSION[$zoneid."_ispartial"] = 0; - return true; - } - elseif ($result_extra->numRows() == 1) - { - $_SESSION[$zoneid."_ispartial"] = 1; - return true; - } - else - { - return false; - } - } - else - { - return false; - } -} function get_status($res) { @@ -344,4 +279,20 @@ } return true; } + + +function v_num($string) { + if (!eregi("^[0-9]+$", $string)) { + return false ; + } else { + return true ; + } +} + +function debug_r($array) { + echo "
\n";
+	print_r($array);
+	echo "
\n"; +} + ?> diff -r c72d6d51f3d3 -r c255196bc447 inc/users.inc.php --- a/inc/users.inc.php Wed Mar 12 20:45:56 2008 +0000 +++ b/inc/users.inc.php Tue Mar 25 22:45:31 2008 +0000 
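Review bot: `v_num()` becomes the only validation applied to values such as `$_GET['id']` and `$_POST['ttl']` in the new pages, and it is built on `eregi()`, which later PHP releases removed; `preg_match("/^[0-9]+$/D", $string)` is the equivalent, with the `D` modifier so a trailing newline is rejected as well. `debug_r()` dumps raw `print_r()` output into the response with no escaping; it is a development aid and no production page should reach it, so either guard it behind a debug setting or mark it `// development only - never call from a page served to users`.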
@@ -21,6 +21,77 @@ require_once("inc/toolkit.inc.php"); + +/* + * Function to see if user has right to do something. It will check if + * user has "ueberuser" bit set. If it isn't, it will check if the user has + * the specific permission. It returns "false" if the user doesn't have the + * right, and "true" if the user has. + */ + +function verify_permission($permission) { + + global $db; + + if ((!isset($_SESSION['userid'])) || (!is_object($db))) { + return 0; + } + + // Set current user ID. + $userid=$_SESSION['userid']; + + // Find the template ID that this user has been assigned. + $query = "SELECT perm_templ + FROM users + WHERE id = " . $db->quote($userid) ; + $templ_id = $db->queryOne($query); + + // Does this user have ueberuser rights? + $query = "SELECT id + FROM perm_templ_items + WHERE templ_id = " . $db->quote($templ_id) . " + AND perm_id = '53'"; + $result = $db->query($query); + if ( $result->numRows() > 0 ) { + return 1; + } + + // Find the permission ID for the requested permission. + $query = "SELECT id + FROM perm_items + WHERE name = " . $db->quote($permission) ; + $perm_id = $db->queryOne($query); + + // Check if the permission ID is assigned to the template ID. + $query = "SELECT id + FROM perm_templ_items + WHERE templ_id = " . $db->quote($templ_id) . " + AND perm_id = " . $db->quote($perm_id) ; + $result = $db->query($query); + if ( $result->numRows() > 0 ) { + return 1; + } else { + return 0; + } +} + +function list_permission_templates() { + global $db; + $query = "SELECT * FROM perm_templ"; + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + $template_list = array(); + while ($template= $result->fetchRow()) { + $tempate_list[] = array( + "id" => $template['id'], + "name" => $template['name'], + "descr" => $template['descr'] + ); + } + return $tempate_list; +} + /* * Retrieve all users. * Its to show_users therefore the odd name. Has to be changed. 
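Review bot: `list_permission_templates()` checks `PEAR::isError($response)` although the query result is in `$result`, so a failed query is never caught and execution continues into `$result->fetchRow()` on a non-object; the same `$response`-for-`$result` copy appears in the later hunks of this file (delete_user, edit_user, change_user_pass, get_user_detail_list, get_permissions_by_template_id, get_permission_template_details, get_list_permission_templates). Each should read `if (PEAR::isError($result)) { error($result->getMessage()); return false; }`. In the same function `$template_list` is initialised but `$tempate_list` is filled and returned, so an empty table yields null instead of an empty array. In verify_permission() the über-user test hard-codes `perm_id = '53'`; resolving it by name through perm_items, as the second lookup already does, would keep the check from silently failing if the permission table is ever renumbered.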
@@ -42,8 +113,8 @@ users.fullname AS fullname, users.email AS email, users.description AS description, - users.level AS level, users.active AS active, + users.perm_templ AS perm_templ, count(zones.owner) AS aantal FROM users LEFT JOIN zones ON users.id=zones.owner$add GROUP BY @@ -52,7 +123,7 @@ users.fullname, users.email, users.description, - users.level, + users.perm_templ, users.active ORDER BY users.fullname"; @@ -102,33 +173,6 @@ /* - * Gives a textdescribed value of the given levelid - * return values: the text associated with the level - */ -function leveldescription($id) -{ - switch($id) - { - case 1: - global $NAME_LEVEL_1; - return $NAME_LEVEL_1; - break; - case 5: - global $NAME_LEVEL_5; - return $NAME_LEVEL_5; - break; - case 10: - global $NAME_LEVEL_10; - return $NAME_LEVEL_10; - break; - default: - return "Unknown"; - break; - } -} - - -/* * Checks if a given username exists in the database. * return values: true if exists, false if not. */ 
@@ -151,79 +195,39 @@ } -/* - * Get all user info for the given user in an array. - * return values: the database style array with the information about the user. - */ -function get_user_info($id) -{ - global $db; - if (is_numeric($id)) - { - $result = $db->query("SELECT id, username, fullname, email, description, level, active from users where id=".$db->quote($id)); - $r = $result->fetchRow(); - return $r; - } - else - { - error(sprintf(ERR_INV_ARGC,"get_user_info", "you gave illegal arguments: $id")); - } -} - /* * Delete a user from the system * return values: true if user doesnt exist. */ -function delete_user($id) +function delete_user($uid,$zones) { global $db; - if (!level(10)) - { - error(ERR_LEVEL_10); - } - if (is_numeric($id)) - { - $db->query("DELETE FROM users WHERE id=".$db->quote($id)); - $db->query("DELETE FROM zones WHERE owner=".$db->quote($id)); - return true; - // No need to check the affected rows. If the affected rows would be 0, - // the user isnt in the dbase, just as we want. - } - else - { - error(ERR_INV_ARG); - } -} + if (($uid != $_SESSION['userid'] && !verify_permission(user_edit_others)) || ($uid == $_SESSION['userid'] && !verify_permission(user_edit_own))) { + error(ERR_PERM_DEL_USER); + return false; + } else { -/* - * Adds a user to the system. - * return values: true if succesfully added. - */ -function add_user($user, $password, $fullname, $email, $level, $description, $active) -{ - global $db; - if (!level(10)) - { - error(ERR_LEVEL_10); + if (is_array($zones)) { + foreach ($zones as $zone) { + if ($zone['target'] == "delete") { + delete_domain($zone['zid']); + } elseif ($zone['target'] == "new_owner") { + add_owner_to_zone($zone['zid'], $zone['newowner']); + } + } + } + + $query = "DELETE FROM zones WHERE owner = " . $db->quote($uid) ; + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + $query = "DELETE FROM users WHERE id = " . 
$db->quote($uid) ; + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } } - if (!user_exists($user)) - { - if (!is_valid_email($email)) - { - error(ERR_INV_EMAIL); - } - if ($active != 1) { - $active = 0; - } - $db->query("INSERT INTO users (username, password, fullname, email, description, level, active) VALUES (".$db->quote($user).", '" . md5($password) . "', ".$db->quote($fullname).", ".$db->quote($email).", ".$db->quote($description).", ".$db->quote($level).", ".$db->quote($active).")"); - return true; - } - else - { - error(ERR_USER_EXISTS); - } + return true; } 
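Review bot: delete_user() calls `delete_domain()` or `add_owner_to_zone()` for every `$zone['zid']` in `$zones` without checking that the zone is actually owned by `$uid`, so a caller that forwards request-supplied ids can have unrelated zones deleted or reassigned as a side effect of deleting a user (unless delete_domain enforces ownership itself, which is not visible here). Before the loop, restrict the list to the user's zones, e.g. `$owned = $db->queryCol("SELECT domain_id FROM zones WHERE owner = " . $db->quote($uid));` and skip any `$zone['zid']` that is not `in_array($zone['zid'], $owned)`. The old `is_numeric($id)` guard was dropped; `$uid` is quoted so the SQL itself is safe, but a non-numeric id now matches nothing and the function still returns true. Both `PEAR::isError($response)` checks test a variable that is never set and should use `$result`.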
@@ -231,57 +235,81 @@ * Edit the information of an user.. sloppy implementation with too many queries.. (2) :) * return values: true if succesful */ -function edit_user($id, $user, $fullname, $email, $level, $description, $active, $password) +function edit_user($id, $user, $fullname, $email, $perm_templ, $description, $active, $password) { global $db; - if(!level(10)) { - error(ERR_LEVEL_10); - } + + verify_permission(user_edit_own) ? $perm_edit_own = "1" : $perm_edit_own = "0" ; + verify_permission(user_edit_others) ? $perm_edit_others = "1" : $perm_edit_others = "0" ; + + if (($id == $_SESSION["userid"] && $perm_edit_own == "1") || ($id != $_SESSION["userid"] && $perm_edit_others == "1" )) { + + if (!is_valid_email($email)) { + error(ERR_INV_EMAIL); + return false; + } - if (!is_valid_email($email)) - { - error(ERR_INV_EMAIL); - } - if ($active != 1) { - $active = 0; - } - $sqlquery = "UPDATE users set username=".$db->quote($user).", fullname=".$db->quote($fullname).", email=".$db->quote($email).", level=".$db->quote($level).", description=".$db->quote($description).", active=".$db->quote($active); + if ($active != 1) { + $active = 0; + } + + // Before updating the database we need to check whether the user wants to + // change the username. If the user wants to change the username, we need + // to make sure it doesn't already exists. + // + // First find the current username of the user ID we want to change. If the + // current username is not the same as the username that was given by the + // user, the username should apparantly changed. If so, check if the "new" + // username already exists. - if($password != "") - { - $sqlquery .= ", password= '" . md5($password) . "' "; - } + $query = "SELECT username FROM users WHERE id = " . 
$db->quote($id); + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } - $sqlquery .= " WHERE id=".$db->quote($id) ; + $usercheck = array(); + $usercheck = $result->fetchRow(); - // Search the username that right now goes with this ID. - $result = $db->query("SELECT username from users where id=".$db->quote($id)); - $r = array(); - $r = $result->fetchRow(); + if ($usercheck['username'] != $user) { + + // Username of user ID in the database is different from the name + // we have been given. User wants a change of username. Now, make + // sure it doesn't already exist. + + $query = "SELECT id FROM users WHERE username = " . $db->query($user); + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } - // If the found username with this ID is the given username with the command.. execute. + if($result->numRows() > 0) { + error(ERR_USER_EXIST); + return false; + } + } - if($r["username"] == $user) - { - $db->query($sqlquery); - return true; - } + // So, user doesn't want to change username or, if he wants, there is not + // another user that goes by the wanted username. So, go ahead! - // Its not.. so the user wants to change. - // Find if there is an id that has the wished username. - $otheruser = $db->query("SELECT id from users where username=".$db->query($user)); - if($otheruser->numRows() > 0) - { - error(ERR_USER_EXIST); - } + $query = "UPDATE users SET + username = " . $db->quote($user) . ", + fullname = " . $db->quote($fullname) . ", + email = " . $db->quote($email) . ", + perm_templ = " . $db->quote($perm_templ) . ", + description = " . $db->quote($description) . ", + active = " . $db->quote($active) ; - // Its fine it seems.. :) - // Lets execute it. - else - { - $db->query($sqlquery); - return true; + if($password != "") { + $query .= ", password = " . $db->quote(md5($password)) ; + } + + $query .= " WHERE id = " . 
$db->quote($id) ; + + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + } else { + error(ERR_PERM_EDIT_USER); + return false; } + return true; } /* @@ -289,32 +317,29 @@ * The user is automatically logged out after the pass change. * return values: none. */ -function change_user_pass($currentpass, $newpass, $newpass2) -{ +function change_user_pass($details) { global $db; - - // Check if the passwords are equal. - if($newpass != $newpass2) - { + + if ($details['newpass'] != $details['newpass2']) { error(ERR_USER_MATCH_NEW_PASS); + return false; } - // Retrieve the users password. - $result = $db->query("SELECT password, id FROM users WHERE username=".$db->quote($_SESSION["userlogin"])); + $query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"]); + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + $rinfo = $result->fetchRow(); - // Check the current password versus the database password and execute the update. - if(md5($currentpass) == $rinfo["password"]) - { - $sqlquery = "update users set password='" . md5($newpass) . "' where id='" . $rinfo["id"] . "'"; - $db->query($sqlquery); + if(md5($details['currentpass']) == $rinfo['password']) { + $query = "UPDATE users SET password = " . $db->quote(md5($details['newpass'])) . " WHERE id = " . $db->quote($rinfo['id']) ; + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } - // Logout the user. - logout("Pass changed please re-login"); - } - else - { + logout( _('Password has been changed, please login.')); + } else { error(ERR_USER_WRONG_CURRENT_PASS); + return false; } } 
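Review bot: edit_user() lets a user holding only user_edit_own change their own `perm_templ`: the gate accepts `$id == $_SESSION["userid"] && $perm_edit_own == "1"`, and the UPDATE then writes `perm_templ = " . $db->quote($perm_templ)` unconditionally, so anyone who may edit their own profile can assign themselves a more privileged template. Only include the perm_templ (and arguably `active`) column in the UPDATE when `$perm_edit_others == "1"`; for a self-edit, read the current template from the users row already fetched and refuse or ignore a different value. The username-collision check builds its SQL with `$db->query($user)` instead of `$db->quote($user)`, which executes the submitted username as its own SQL statement and then concatenates the result object into the query; it must be `$query = "SELECT id FROM users WHERE username = " . $db->quote($user);`. The `PEAR::isError($response)` checks in this function test an unset variable and should use `$result`.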
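Review bot: change_user_pass() compares the stored hash with `md5($details['currentpass']) == $rinfo['password']` using loose `==`; `===` (or `hash_equals()` where available) avoids PHP's numeric-string juggling in the comparison. The credential remains an unsalted MD5 of the password, and this rewrite was the opportunity to change that; at least record it with `// TODO: unsalted md5 - migrate to a salted, iterated hash` so it is tracked. When no row matches `$_SESSION["userlogin"]`, `$rinfo` is false and the failure is reported as a wrong current password; an explicit `if (!$rinfo) { error(ERR_USER_WRONG_CURRENT_PASS); return false; }` after fetchRow() makes that path deliberate. The `PEAR::isError($response)` checks here also test an unset variable.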
@@ -323,18 +348,15 @@ * Get a fullname when you have a userid. * return values: gives the fullname from a userid. */ -function get_fullname_from_userid($id) -{ +function get_fullname_from_userid($id) { global $db; - if (is_numeric($id)) - { + if (is_numeric($id)) { $result = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id)); $r = $result->fetchRow(); return $r["fullname"]; - } - else - { + } else { error(ERR_INV_ARG); + return false; } } @@ -369,7 +391,7 @@ * @param $id integer the id of the domain * @return String the list of owners for this domain */ -function get_owners_from_domainid($id) { +function get_fullnames_owners_from_domainid($id) { global $db; if (is_numeric($id)) 
@@ -392,4 +414,311 @@ error(ERR_INV_ARG); } + + +function verify_user_is_owner_zoneid($zoneid) { + global $db; + + $userid=$_SESSION["userid"]; + + if (is_numeric($zoneid)) { + $result = $db->query("SELECT zones.id + FROM zones + WHERE zones.owner = " . $db->quote($userid) . " + AND zones.domain_id = ". $db->quote($zoneid)) ; + if ($result->numRows() == 0) { + return "0"; + } else { + return "1"; + } + } + error(ERR_INV_ARG); +} + + +function get_user_detail_list($specific) { + + global $db; + $userid=$_SESSION['userid']; + + + if (v_num($specific)) { + $sql_add = "AND users.id = " . $db->quote($specific) ; + } else { + if (verify_permission(user_view_others)) { + $sql_add = ""; + } else { + $sql_add = "AND users.id = " . $db->quote($userid) ; + } + } + + $query = "SELECT users.id AS uid, + username, + fullname, + email, + description AS descr, + active, + perm_templ.id AS tpl_id, + perm_templ.name AS tpl_name, + perm_templ.descr AS tpl_descr + FROM users, perm_templ + WHERE users.perm_templ = perm_templ.id " + . $sql_add . " + ORDER BY username"; + + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + while ($user = $result->fetchRow()) { + $userlist[] = array( + "uid" => $user['uid'], + "username" => $user['username'], + "fullname" => $user['fullname'], + "email" => $user['email'], + "descr" => $user['descr'], + "active" => $user['active'], + "tpl_id" => $user['tpl_id'], + "tpl_name" => $user['tpl_name'], + "tpl_descr" => $user['tpl_descr'] + ); + } + return $userlist; +} + + +// Get a list of permissions that are available. If first argument is "0", it +// should return all available permissions. If the first argument is > "0", it +// should return the permissions assigned to that particular template only. If +// second argument is true, only the permission names are returned. 
+ +function get_permissions_by_template_id($templ_id=0,$return_name_only=false) { + global $db; + + if ($templ_id > 0) { + $limit = ", perm_templ_items + WHERE perm_templ_items.templ_id = " . $db->quote($templ_id) . " + AND perm_templ_items.perm_id = perm_items.id"; + } + + $query = "SELECT perm_items.id AS id, + perm_items.name AS name, + perm_items.descr AS descr + FROM perm_items" + . $limit . " + ORDER BY descr"; + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + $permission_list = array(); + while ($permission = $result->fetchRow()) { + if ($return_name_only == false) { + $permission_list[] = array( + "id" => $permission['id'], + "name" => $permission['name'], + "descr" => $permission['descr'] + ); + } else { + $permission_list[] = $permission['name']; + } + } + return $permission_list; +} + + +// Get name and description of template based on template ID. + +function get_permission_template_details($templ_id) { + global $db; + + $query = "SELECT * + FROM perm_templ + WHERE perm_templ.id = " . $db->quote($templ_id); + + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + while($details = $result->fetchRow()) { + $detail_list[] = array ( + "name" => $details['name'], + "descr" => $details['descr'] + ); + } + return $detail_list; +} + + +// Get a list of all available permission templates. + +function get_list_permission_templates() { + global $db; + + $query = "SELECT * FROM perm_templ"; + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + $perm_templ_list = array(); + while ($perm_templ = $result->fetchRow()) { + $perm_templ_list[] = array( + "id" => $perm_templ['id'], + "name" => $perm_templ['name'], + "descr" => $perm_templ['descr'] + ); + } + return $perm_templ_list; +} + + +// Update all details of a permission template. 
+ +function update_perm_templ_details($details) { + global $db; + + // Fix permission template name and description first. + + $query = "UPDATE perm_templ + SET name = " . $db->quote($details['templ_name']) . ", + descr = " . $db->quote($details['templ_descr']) . " + WHERE id = " . $db->quote($details['templ_id']) ; + + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + // Now, update list of permissions assigned to this template. We could do + // this The Correct Way [tm] by comparing the list of permissions that are + // currently assigned with a list of permissions that should be assigned and + // apply the difference between these two lists to the database. That sounds + // like to much work. Just delete all the permissions currently assigned to + // the template, than assign all the permessions the template should have. + + $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $details['templ_id'] ; + $result = $db->query($query); + if (pear::iserror($response)) { error($response->getmessage()); return false; } + + foreach ($details['perm_id'] AS $perm_id) { + $r_insert_values[] = "(''," . $db->quote($details['templ_id']) . "," . $db->quote($perm_id) . ")"; + } + $query = "INSERT INTO perm_templ_items VALUES " . implode(',', $r_insert_values) ; + $result = $db->query($query); + if (pear::iserror($response)) { error($response->getmessage()); return false; } + + return true; +} + +function update_user_details($details) { + + global $db; + + verify_permission(user_edit_own) ? $perm_edit_own = "1" : $perm_edit_own = "0" ; + verify_permission(user_edit_others) ? 
$perm_edit_others = "1" : $perm_edit_others = "0" ; + + if (($details['uid'] == $_SESSION["userid"] && $perm_edit_own == "1") || + ($details['uid'] != $_SESSION["userid"] && $perm_edit_others == "1" )) { + + if (!is_valid_email($details['email'])) { + error(ERR_INV_EMAIL); + return false; + } + + if (!isset($details['active']) || $details['active'] != "on" ) { + $active = 0; + } else { + $active = 1; + } + + // Before updating the database we need to check whether the user wants to + // change the username. If the user wants to change the username, we need + // to make sure it doesn't already exists. + // + // First find the current username of the user ID we want to change. If the + // current username is not the same as the username that was given by the + // user, the username should apparantly changed. If so, check if the "new" + // username already exists. + $query = "SELECT username FROM users WHERE id = " . $db->quote($details['uid']); + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + $usercheck = array(); + $usercheck = $result->fetchRow(); + + if ($usercheck['username'] != $details['username']) { + // Username of user ID in the database is different from the name + // we have been given. User wants a change of username. Now, make + // sure it doesn't already exist. + $query = "SELECT id FROM users WHERE username = " . $db->quote($details['username']); + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + if($result->numRows() > 0) { + error(ERR_USER_EXIST); + return false; + } + } + + // So, user doesn't want to change username or, if he wants, there is not + // another user that goes by the wanted username. So, go ahead! + + $query = "UPDATE users SET + username = " . $db->quote($details['username']) . ", + fullname = " . $db->quote($details['fullname']) . ", + email = " . $db->quote($details['email']) . ", + perm_templ = " . 
$db->quote($details['templ_id']) . ", + description = " . $db->quote($details['descr']) . ", + active = " . $db->quote($active) ; + + // TODO Check if function works if password is set too. + if($details['password'] != "") { + $query .= ", password = '" . md5($db->quote($details['password'])) . "' "; + } + + $query .= " WHERE id = " . $db->quote($details['uid']) ; + + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + } else { + error(ERR_PERM_EDIT_USER); + return false; + } + return true; +} + +// Add a new user + +function add_new_user($details) { + global $db; + + if (!verify_permission(user_add_new)) { + error(ERR_PERM_ADD_USER); + + } elseif (user_exists($details['username'])) { + error(ERR_USER_EXISTS); + + } elseif (!is_valid_email($details['email'])) { + error(ERR_INV_EMAIL); + + } elseif ($details['active'] == 1) { + $active = 1; + } else { + $active = 0; + } + + $query = "INSERT INTO users VALUES ( " + . "'', " + . $db->quote($details['username']) . ", " + . $db->quote(md5($details['password'])) . ", " + . $db->quote($details['fullname']) . ", " + . $db->quote($details['email']) . ", " + . $db->quote($details['descr']) . ", " + . $db->quote($details['perm_templ']) . ", " + . $db->quote($active) + . ")"; + + $result = $db->query($query); + if (PEAR::isError($response)) { error($response->getMessage()); return false; } + + return true; +} + + + ?> diff -r c72d6d51f3d3 -r c255196bc447 index.php --- a/index.php Wed Mar 12 20:45:56 2008 +0000 +++ b/index.php Tue Mar 25 22:45:31 2008 +0000 @@ -22,34 +22,41 @@ //session_start(); require_once("inc/toolkit.inc.php"); include_once("inc/header.inc.php"); -?> -
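Review bot: `add_new_user` executes its INSERT even when the permission or validation checks fail: the `if/elseif` chain only calls `error()` in the failing branches and never returns, so a caller without `user_add_new` still creates the account (with `$active` undefined). Each failing branch needs a return, e.g. `if (!verify_permission(user_add_new)) { error(ERR_PERM_ADD_USER); return false; }`, and likewise for the `user_exists` and `is_valid_email` branches. In `update_perm_templ_details` the DELETE concatenates `$details['templ_id']` unquoted (`WHERE templ_id = " . $details['templ_id']`), unlike every surrounding query, which is an SQL injection for anyone holding templ_perm_edit; wrap it in `$db->quote()`. In `update_user_details`, `md5($db->quote($details['password']))` hashes the quoted string including the added quote characters, so a password set this way cannot match `md5($currentpass)` in change_user_pass; hash first and quote the result as `add_new_user` does. All `PEAR::isError($response)` checks in this hunk test a never-assigned variable and so never fire; they should check `$result`.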

,

- \n"; - diff -r c72d6d51f3d3 -r c255196bc447 install.php --- a/install.php Wed Mar 12 20:45:56 2008 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,225 +0,0 @@ - for more details. - * - * Copyright 2007, 2008 Rejo Zenger - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -// addslashes to vars if magic_quotes_gpc is off -function slash_input_data(&$data) -{ - if ( is_array($data) ) - { - foreach ( $data as $k => $v ) - { - $data[$k] = ( is_array($v) ) ? slash_input_data($v) : addslashes($v); - } - } - return $data; -} - -set_magic_quotes_runtime(0); - -// If magic quotes is off, addslashes -if ( !get_magic_quotes_gpc() ) -{ - $_GET = slash_input_data($_GET); - $_POST = slash_input_data($_POST); - $_COOKIE = slash_input_data($_COOKIE); -} - - -error_reporting(E_ALL); -if(!@require_once("inc/config.inc.php")) -{ - error("You have to create a config.inc.php!"); -} -include_once("inc/header.inc.php"); - -$sup_types = array('mysql'); - -function error($msg=false) -{ - // General function for printing critical errors. - if ($msg) - { - ?> -

-
-

<< back

- query($sqlusers); - - if($db->isError($resusers)) - { - error("Can not create table users in $dbdatabase"); - } - - $reszones = $db->query($sqlzones); - - if($db->isError($reszones)) - { - error("Can not create zones table in $dbdatabase"); - } - $reszones = $db->query($sqlrecowns); - - if($db->isError($reszones)) - { - error("Can not create record_owners table in $dbdatabase"); - } - - $sqlinsert = "INSERT INTO - users - (username, password, fullname, email, description, level, active) - VALUES ( - '". $_POST['login'] ."', - '". md5(stripslashes($_POST['password'])) ."', - '". $_POST["fullname"] ."', - '". $_POST["email"] ."', - '". $_POST["description"] ."', - 10, - 1)"; - - $resadmin = $db->query($sqlinsert); - - if($db->isError($resadmin)) - { - - error("Can not add the admin to database $dbdatabase.users"); - } - else - { - - ?> -

-
-
-:
-
- here - -" . _('You didnt fill in one of the required fields!') . "
"; - } -} - -else -{ -?> - -

-
-
- * -


- -
- - - - - - - -
: *
: *
: *
: *
:
 
-
- diff -r c72d6d51f3d3 -r c255196bc447 list_perm_templ.php --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/list_perm_templ.php Tue Mar 25 22:45:31 2008 +0000 @@ -0,0 +1,62 @@ + for more details. + * + * Copyright 2007, 2008 Rejo Zenger + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); +verify_permission(templ_perm_edit) ? $perm_templ_perm_edit = "1" : $perm_templ_perm_edit = "0" ; + +$permission_templates = get_list_permission_templates() ; + +if ($perm_templ_perm_edit == "0") { + error(ERR_PERM_EDIT_PERM_TEMPL); +} else { + echo "

" . _('Permission templates') . "

\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + + foreach ($permission_templates as $template) { + + $perm_item_list = get_permissions_by_template_id($template['id'], true); + $perm_items = implode(', ', $perm_item_list); + + echo " \n"; + if ($perm_templ_perm_edit == "1") { + echo " \n"; + } else { + echo " \n"; + } + echo " \n"; + echo " \n"; + echo " \n"; + } + + echo "
 " . _('Name') . "" . _('Description') . "
\n"; + echo " \"[\n"; + echo " \"[\n"; + echo "  " . $template['name'] . "" . $template['descr'] . "
\n"; +} + +include_once("inc/footer.inc.php"); +?> diff -r c72d6d51f3d3 -r c255196bc447 list_supermasters.php --- a/list_supermasters.php Wed Mar 12 20:45:56 2008 +0000 +++ b/list_supermasters.php Tue Mar 25 22:45:31 2008 +0000 @@ -22,60 +22,41 @@ require_once("inc/toolkit.inc.php"); include_once("inc/header.inc.php"); -if (!level(5)) -{ -?> -
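Review bot: Template names and descriptions are echoed into the table unescaped (`$template['name']`, `$template['descr']` and the joined `$perm_items`), so a value saved with markup through update_perm_templ_details renders as HTML for every admin who opens this page; wrap them as `htmlspecialchars($template['name'], ENT_QUOTES)` unless the storage path already escapes, which is not visible here. The inner `if ($perm_templ_perm_edit == "1")` sits inside the `else` of `if ($perm_templ_perm_edit == "0")`, so it is always true and its `else` branch is dead; the test can be dropped. `get_list_permission_templates()` is also called before the permission check, so refused callers still trigger the query; moving it inside the `else` avoids that.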

-

- +$supermasters = get_supermasters(); -

- - - - - - - - - - - - - - - - -
  - - - -
  - -
- ">" alt="[ ]"> -
-" . _('List all supermasters') . "\n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +if ($num_supermasters == "0") { + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; +} else { + foreach ($supermasters as $c) { + echo " \n"; + if ($perm_sm_edit == "1") { + echo " \n"; + } else { + echo "\n"; + } + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } } +echo "
 " . _('IP address of supermaster') . "" . _('Hostname in NS record') . "" . _('Account') . "
 \n"; + echo " " . _('No supermasters in this listing, sorry.') . "\n"; + echo "
\"[ " . $c['master_ip'] . "" . $c['ns_name'] . "" . $c['account'] . "
\n"; include_once("inc/footer.inc.php"); ?> diff -r c72d6d51f3d3 -r c255196bc447 list_zones.php --- a/list_zones.php Wed Mar 12 20:45:56 2008 +0000 +++ b/list_zones.php Tue Mar 25 22:45:31 2008 +0000 @@ -22,110 +22,72 @@ require_once("inc/toolkit.inc.php"); include_once("inc/header.inc.php"); -$num_all_domains = zone_count(0); -$doms = zone_count(0, LETTERSTART); -?> -
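Review bot: The `level(5)` gate the old code had before listing supermasters is removed, and in the visible new lines nothing replaces it: `get_supermasters()` is called unconditionally and only the edit icons depend on `$perm_sm_edit`, which, like `$num_supermasters`, is never assigned in this hunk (both may have been lost in rendering, please confirm). If that is the real state of the file, a `verify_permission()` check for a supermaster-view permission, followed by `error()` and the footer include on failure, belongs before the query, and `$num_supermasters` should be set from `count($supermasters)`. The `$c['master_ip']`, `$c['ns_name']` and `$c['account']` values are echoed without `htmlspecialchars()`; since they come from operator-entered rows, escaping them is warranted.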

-"; - show_pages($doms,ROWAMOUNT); - echo ""; +if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } +elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } +else { $perm_view = "none" ;} + +if (verify_permission(zone_content_edit_others)) { $perm_edit = "all" ; } +elseif (verify_permission(zone_content_edit_own)) { $perm_edit = "own" ;} +else { $perm_edit = "none" ; } + +$count_zones_all = zone_count_ng("all"); +$count_zones_all_letterstart = zone_count_ng($perm_view,LETTERSTART); +$count_zones_view = zone_count_ng($perm_view); +$count_zones_edit = zone_count_ng($perm_edit); + +echo "

" . _('List zones') . "

\n"; + +if ($perm_view == "none") { + echo "

" . _("You do not have the permission to see any zones.") . "

\n"; +} else { + echo "
\n"; + show_pages($count_zones_all_letterstart,ROWAMOUNT); + echo "
\n"; -if ($num_all_domains > ROWAMOUNT) -{ - echo "
"; - show_letters(LETTERSTART); - echo "
"; -} -?> - - - - - - - - - + if ($count_zones_view > ROWAMOUNT) { + echo "
"; + show_letters(LETTERSTART); + echo "
"; + } + echo "
 
\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; - - - - - -\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + } + echo " \n"; + echo "
 " . _('Name') . "" . _('Type') . "" . _('Records') . "" . _('Owner') . "
 
\n"; + echo " \"[\n"; + if ( $perm_edit != "all" || $perm_edit != "none") { + $user_is_zone_owner = verify_user_is_owner_zoneid($zone["id"]); + } + if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) { + echo " \"[\n"; + } + echo " " . $zone["name"] . "" . strtolower($zone["type"]) . "" . $zone["count_records"] . "" . $zone_owners . "
\n"; + } -// If he has domains, dump them (duh) -else -{ - foreach ($doms as $c) - { - ?> - - - - ">" alt="[ ]"> - - ">" alt="[]"> - - - - - - -"; - } - else - { - print "".$zone_owners.""; - } - print "\n"; - } -} - -?> - - - -

- -

- - - - echo _('You only administer some records of domains marked with an (*).'); -?> - - diff -r c72d6d51f3d3 -r c255196bc447 search.php --- a/search.php Wed Mar 12 20:45:56 2008 +0000 +++ b/search.php Tue Mar 25 22:45:31 2008 +0000 @@ -20,157 +20,117 @@ */ require_once('inc/toolkit.inc.php'); +include_once('inc/header.inc.php'); -if (isset($_POST['s_submit']) || isset($_POST['q'])) -{ - $submitted=true; - $search_result=search_record($_POST['q']); +if (!(verify_permission(search))) { + error(ERR_PERM_SEARCH); + include_once('inc/footer.inc.php'); + exit; + } else { - $submitted = false; -} + echo "
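Review bot: The condition `if ( $perm_edit != "all" || $perm_edit != "none")` is always true, since no value can equal both strings, so it does not restrict the ownership lookup as its shape suggests; the intended test is `if ($perm_edit == "own")`, the only remaining value assigned above. As written the cost is one extra `verify_user_is_owner_zoneid()` query per row rather than a security hole, but the same construct is copied twice into search.php in this changeset and should be fixed in all three places. The zone name and owner strings (`$zone["name"]`, `$zone_owners`) are printed without `htmlspecialchars()`; the loop header that produces `$zone` is not visible in this rendering.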

" . _('Search zones and records') . "

\n"; + + if ($_POST['submit']) { -// we will continue after the search form ... -include_once('inc/header.inc.php'); -?> + if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; } + elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; } + else { $perm_view = "none" ; } -

-

Query

- - - - - - - - - - - -
 
- -
'; + if (is_array($result['zones'])) { + echo "

" . _('Zones found') . ":

\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; - // let's check if we found any domains ... - if (count($search_result) == 2 && count($search_result['domains'])) - { - ?> -

:

-
 " . _('Name') . "" . _('Type') . "" . _('Master') . "
- - - - - - - - - - - - - - - - - - -
 
- ">" alt="[ ]"> - ">" alt="[]"> - -   -
-

- - : -

- - - - - - - - - - - - - - - - \n"; + echo " \n"; + echo " \n"; + echo " \n"; + if ($zone['type'] == "SLAVE") { + echo " \n"; + } else { + echo " \n"; + } + echo " \n"; } - else - { - ?> - - -
 
- - [ <?php echo _('Edit record'); ?> ] - [ <?php echo _('Delete record'); ?> ] - - \n"; + echo " \"[\n"; + if ( $perm_edit != "all" || $perm_edit != "none") { + $user_is_zone_owner = verify_user_is_owner_zoneid($zone['zid']); + } + if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) { + echo " \"[\n"; + } + echo " " . $zone['name'] . "" . $zone['type'] . "" . $zone['master'] . " 
- - - - - -
- "". -
- \n"; + } + + if (is_array($result['records'])) { + echo "

" . _('Records found') . ":

\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + + foreach ($result['records'] as $record) { + + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + if ($record['type'] == "MX") { + echo " \n"; + } else { + echo " \n"; + } + echo " \n"; + echo " \n"; + echo " \n"; + } + echo "
 " . _('Name') . "" . _('Type') . "" . _('Prio') . "" . _('Content') . "" . _('TTL') . "
\n"; + echo " \"[\n"; + if ( $perm_edit != "all" || $perm_edit != "none") { + $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']); + } + if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) { + echo " \"[\n"; + } + echo " " . $record['name'] . "" . $record['type'] . "" . $record['prio'] . " " . $record['content'] . "" . $record['ttl'] . "
\n"; + } + } - + + echo "

" . _('Query') . ":

\n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo "
" . _('Enter a hostname or IP address') . "
 
\n"; + } include_once('inc/footer.inc.php'); ?> diff -r c72d6d51f3d3 -r c255196bc447 style/example.inc.php --- a/style/example.inc.php Wed Mar 12 20:45:56 2008 +0000 +++ b/style/example.inc.php Tue Mar 25 22:45:31 2008 +0000 
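Review bot: `$perm_edit` is never assigned in this hunk, only `$perm_view` is computed, so the edit-icon tests `$perm_edit == "all"` and `$perm_edit == "own"` read an undefined variable and the icons never appear; add the same `zone_content_edit_others`/`zone_content_edit_own` block used for `$perm_view` directly below it. Independently, `if ( $perm_edit != "all" || $perm_edit != "none")` is a tautology and should be `if ($perm_edit == "own")`. The result tables echo `$zone['name']`, `$record['name']` and `$record['content']` unescaped, and `content` is free text from the records table, so `htmlspecialchars()` is needed on these. `$_POST['submit']` is tested without `isset()`, which emits a notice on a plain GET of the page; use `isset($_POST['submit'])`. The call that fills `$result` is not visible in this rendering.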
@@ -138,12 +138,12 @@ - - - - - - +textarea { + width: 100%; +} +input.wide { + width: 100%; +} for more details. - * - * Copyright 2007, 2008 Rejo Zenger - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -include_once("../inc/config.inc.php"); -$bgcolor = "#FCC229"; //Original style -?> - - -A:link { color: #000000} -A:visited { color: #000000} -A:active { color: #000000} -A:hover {text-decoration: none} -BODY {font-family: Verdana, Arial, Helvetica; background-image: url("images/background.jpg");} -TABLE {background-color: ; border: 1px solid #000000; width: 900px;} -TD {background-color: White; font-size: 12px;} -TR {background-color: } -.TDBG { - background-color: ; -} -.ERROR { - background-color: #FF0000; - border: 1px solid; - width: 600px; -} -.MESSAGETABLE { - background-color: ; - border: 1px solid; - width: 600px; -} - -.MESSAGE { - background-color: ; - width: 600px; -} -.NONE { - background-color: transparent; - border: none; - width: 0px; -} -.TEXT { - background-color: transparent !important; - border: 0px; -} -.SBUTTON { - BORDER-BOTTOM: #999999 1px solid; - BORDER-LEFT: #999999 1px solid; - BORDER-RIGHT: #999999 1px solid; - BORDER-TOP: #999999 1px solid; - BACKGROUND-COLOR: ; - COLOR: #000000; - BORDER-COLOR: #000000; - FONT-FAMILY: Verdana; - FONT-WEIGHT: Bold; - FONT-SIZE: 10px; - WIDTH MENARU: 60px; -} -.BUTTON { - BORDER-BOTTOM: #999999 1px solid; - BORDER-LEFT: 
#999999 1px solid; - BORDER-RIGHT: #999999 1px solid; - BORDER-TOP: #999999 1px solid; - BACKGROUND-COLOR: ; - COLOR: #000000; - BORDER-COLOR: #000000; - FONT-FAMILY: Verdana; - FONT-WEIGHT: Bold; - FONT-SIZE: 10px; - WIDTH MENARU: 120px; -} -.INPUT { - BORDER-BOTTOM: #999999 1px solid; - BORDER-LEFT: #999999 1px solid; - BORDER-RIGHT: #999999 1px solid; - BORDER-TOP: #999999 1px solid; - BACKGROUND-COLOR: #FFFFFF; - - COLOR: #000000; - BORDER-COLOR: #000000; - FONT-FAMILY: Verdana; - FONT-SIZE: 11px; - WIDTH MENARU: 180px; -} -.SINPUT { - BORDER-BOTTOM: #999999 1px solid; - BORDER-LEFT: #999999 1px solid; - BORDER-RIGHT: #999999 1px solid; - BORDER-TOP: #999999 1px solid; - BACKGROUND-COLOR: #FFFFFF; - COLOR: #000000; - BORDER-COLOR: #000000; - FONT-FAMILY: Verdana; - FONT-SIZE: 11px; - WIDTH MENARU: 40px; -} -.WARNING { - color: #FF0000; - font-weight: Bold; -} -.FOOTER { - font-size: 10px; -} -.ACTIVE { - color: #669933; - font-weight: Bold; -} -.INACTIVE { - color: #FF0000; - font-weight: Bold; -} -.NAV { - color: #0000FF; - font-weight: Bold; - A:link { color: #0000FF} - A:visited { color: #0000FF} - A:active { color: #0000FF} - A:hover {text-decoration: none} -} -.inputarea { - BORDER-BOTTOM: #999999 1px solid; - BORDER-LEFT: #999999 1px solid; - BORDER-RIGHT: #999999 1px solid; - BORDER-TOP: #999999 1px solid; - BACKGROUND-COLOR: #FFFFFF; - COLOR: #000000; - BORDER-COLOR: #000000; - FONT-FAMILY: Verdana; - FONT-SIZE: 11px; - WIDTH MENARU: 300px; - HEIGHT MENARU: 100px; -} diff -r c72d6d51f3d3 -r c255196bc447 users.php --- a/users.php Wed Mar 12 20:45:56 2008 +0000 +++ b/users.php Tue Mar 25 22:45:31 2008 +0000 
@@ -20,144 +20,80 @@ */ require_once("inc/toolkit.inc.php"); +include_once("inc/header.inc.php"); +verify_permission(user_view_others) ? $perm_view_others = "1" : $perm_view_others = "0" ; +verify_permission(user_edit_own) ? $perm_edit_own = "1" : $perm_edit_own = "0" ; +verify_permission(user_edit_others) ? $perm_edit_others = "1" : $perm_edit_others = "0" ; +verify_permission(templ_perm_edit) ? $perm_templ_perm_edit = "1" : $perm_templ_perm_edit = "0" ; +verify_permission(is_ueberuser) ? $perm_is_godlike = "1" : $perm_is_godlike = "0" ; -if(isset($_POST["submit"]) -&& isset($_POST['username']) && $_POST["username"] != "" -&& isset($_POST['password']) && $_POST["password"] != "" -&& isset($_POST['fullname']) && $_POST["fullname"] != "" -&& isset($_POST['email']) && $_POST["email"] != "" -&& isset($_POST['level']) && $_POST["level"] > 0) -{ - if(substr_count($_POST["username"], " ") == 0) - { - if(strlen($_POST["password"]) < 8) - { - $error = _('Password length should be at least 8 characters.'); - } - else - { - add_user($_POST["username"], $_POST["password"], $_POST["fullname"], $_POST["email"], $_POST["level"], $_POST["description"], $_POST["active"]); - clean_page("users.php"); - } +if (isset($_POST['commit'])) { + foreach ($_POST['user'] as $user) { + update_user_details($user); } - else - { - $error = _('Usernames can\'t contain spaces'); - } -} -elseif(isset($_POST["submit"])) -{ - $error = _('Please fill in all fields'); } -include_once("inc/header.inc.php"); -if (isset($error) && $error != "") -{ -?> -
- -

- -

- +$users = get_user_detail_list(""); +echo "

" . _('User admin') . "

\n"; +echo "
\n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; +echo " \n"; -
 " . _('Username') . "" . _('Fullname') . "" . _('Description') . "" . _('Emailaddress') . "" . _('Template') . "" . _('Enabled') . "
- - - - - - - - - - - - - - - - - - - \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; } -?> - -
  () ()
">[ <?php echo _('Delete user'); ?> ]"> () - ">[ <?php echo _('Delete domain'); ?> ] ">
\n"; + if (($user['uid'] == $_SESSION["userid"] && $perm_edit_own == "1") || ($user['uid'] != $_SESSION["userid"] && $perm_edit_others == "1" )) { + echo " \"[\n"; + echo " \"[\n"; + } else { + echo "  \n"; + } + echo " \n"; + echo " \n"; + echo "
-

-

: .

-
- -
+ +echo " \n"; +echo " \n"; +echo "
\n"; -

-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:">
:">
:">
:">
: - -
:
:
 
-
-\n"; +if ($perm_templ_perm_edit == "1") { + echo _('Edit') . " " . _('permission templates') . ". \n"; +} + +if (verify_permission(user_add_new)) { + echo _('Add') . " " . _('user') . ". \n"; +} +echo "

\n"; + + include_once("inc/footer.inc.php"); ?>
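Review bot: The commit handler forwards every `$_POST['user']` row to `update_user_details()`, and that function (in this changeset) writes `perm_templ = $details['templ_id']` whenever the caller may edit the row; so if the per-row form carries a template field, as the Template column suggests (the row markup is not visible here), a user holding only user_edit_own can submit any template id for their own account and assign themselves a more privileged template. Either drop `templ_id` from `$user` here when `$user['uid'] == $_SESSION['userid'] && $perm_edit_others == "0"`, or have update_user_details refuse a template change without user_edit_others. `foreach ($_POST['user'] as $user)` should be guarded by `isset($_POST['user']) && is_array($_POST['user'])`, since `commit` can be posted without rows. `$perm_is_godlike` is computed but not used in the visible lines. The row values echoed into the table should pass through `htmlspecialchars()`, as usernames and descriptions are user-supplied.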