\n";
diff -r c72d6d51f3d3 -r c255196bc447 inc/record.inc.php
--- a/inc/record.inc.php Wed Mar 12 20:45:56 2008 +0000
+++ b/inc/record.inc.php Tue Mar 25 22:45:31 2008 +0000
@@ -19,86 +19,59 @@
* along with this program. If not, see
.
*/
+function count_zone_records($zone_id) {
+ global $db;
+ $sqlq = "SELECT COUNT(id) FROM records WHERE domain_id = ".$db->quote($zone_id);
+ $record_count = $db->queryOne($sqlq);
+ return $record_count;
+}
+
function update_soa_serial($domain_id)
{
- global $db;
- /*
- * THIS CODE ISNT TESTED THROUGH MUCH YET!
- * !!!!!!! BETACODE !!!!!!!!!!
- * Code committed by DeViCeD, Thanks a lot!
- * Heavily hax0red by Trancer/azurazu
- *
- * First we have to check, wheather current searial number
- * was already updated on the other nameservers.
- * If field 'notified_serial' is NULL, then I guess domain is
- * NATIVE and we don't have any secondary nameservers for this domain.
- * NOTICE: Serial number *will* be RFC1912 compilant after update
- * NOTICE: This function will allow only 100 DNS zone transfers ;-)
- * YYYYMMDDnn
- */
+ global $db;
$sqlq = "SELECT notified_serial FROM domains WHERE id = ".$db->quote($domain_id);
$notified_serial = $db->queryOne($sqlq);
$sqlq = "SELECT content FROM records WHERE type = 'SOA' AND domain_id = ".$db->quote($domain_id);
$content = $db->queryOne($sqlq);
- $need_to_update = false;
-
+ $need_to_update = false;
+
// Getting the serial field.
$soa = explode(" ", $content);
-
- if(empty($notified_serial))
- {
- // Ok native replication, so we have to update.
- $need_to_update = true;
- }
- elseif($notified_serial >= $soa[2])
- {
- $need_to_update = true;
- }
- elseif(strlen($soa[2]) != 10)
- {
- $need_to_update = true;
- }
- else
- {
- $need_to_update = false;
- }
- if($need_to_update)
- {
- // Ok so we have to update it seems.
- $current_serial = $soa[2];
-
- /*
- * What we need here (for RFC1912) is YEAR, MONTH and DAY
- * so let's get it ...
- */
+
+ if(empty($notified_serial)) {
+ // Ok native replication, so we have to update.
+ $need_to_update = true;
+ } elseif($notified_serial >= $soa[2]) {
+ $need_to_update = true;
+ } elseif(strlen($soa[2]) != 10) {
+ $need_to_update = true;
+ } else {
+ $need_to_update = false;
+ }
+
+ if($need_to_update) {
+ // Ok so we have to update it seems.
+ $current_serial = $soa[2];
$new_serial = date('Ymd'); // we will add revision number later
- if(strncmp($new_serial, $current_serial, 8) === 0)
- {
- /*
- * Ok, so we already made updates tonight
- * let's just increase the revision number
- */
- $revision_number = (int) substr($current_serial, -2);
- if ($revision_number == 99) return false; // ok, we cannot update anymore tonight
- ++$revision_number;
- // here it is ... same date, new revision
- $new_serial .= str_pad($revision_number, 2, "0", STR_PAD_LEFT);
- }
- else
- {
- /*
+ if(strncmp($new_serial, $current_serial, 8) === 0) {
+ $revision_number = (int) substr($current_serial, -2);
+ if ($revision_number == 99) return false; // ok, we cannot update anymore tonight
+ ++$revision_number;
+ // here it is ... same date, new revision
+ $new_serial .= str_pad($revision_number, 2, "0", STR_PAD_LEFT);
+ } else {
+ /*
* Current serial is not RFC1912 compilant, so let's make a new one
*/
- $new_serial .= '00';
+ $new_serial .= '00';
}
- $soa[2] = $new_serial; // change serial in SOA array
+ $soa[2] = $new_serial; // change serial in SOA array
$new_soa = "";
// build new soa and update SQL after that
- for ($i = 0; $i < count($soa); $i++)
- {
+ for ($i = 0; $i < count($soa); $i++) {
$new_soa .= $soa[$i] . " ";
}
$sqlq = "UPDATE records SET content = ".$db->quote($new_soa)." WHERE domain_id = ".$db->quote($domain_id)." AND type = 'SOA'";
@@ -112,147 +85,123 @@
* This function validates it if correct it inserts it into the database.
* return values: true if succesful.
*/
-function edit_record($recordid, $zoneid, $name, $type, $content, $ttl, $prio)
-{
- global $db;
- if($content == "")
- {
- error(ERR_RECORD_EMPTY_CONTENT);
- }
- // Edits the given record (validates specific stuff first)
- if (!xs(recid_to_domid($recordid)))
- {
- error(ERR_RECORD_ACCESS_DENIED);
+function edit_record($record) {
+
+ if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; }
+ elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; }
+ else { $perm_content_edit = "none" ; }
+
+ $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']);
+ $zone_type = get_domain_type($record['zid']);
+
+ if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) {
+ return _("You are not allowed to edit this record.") ;
+ } else {
+ if($record['content'] == "") {
+ return _("Error: content field may not be empty.") ;
+ }
+ global $db;
+ // TODO: no need to check for numeric-ness of zone id if we check with validate_input as well?
+ if (is_numeric($record['zid'])) {
+ validate_input($record['zid'], $record['type'], $record['content'], $record['name'], $record['prio'], $record['ttl']);
+ $query = "UPDATE records
+ SET name=".$db->quote($record['name']).",
+ type=".$db->quote($record['type']).",
+ content=".$db->quote($record['content']).",
+ ttl=".$db->quote($record['ttl']).",
+ prio=".$db->quote($record['prio']).",
+ change_date=".$db->quote(time())."
+ WHERE id=".$db->quote($record['rid']);
+ $result = $db->Query($query);
+ if (PEAR::isError($result)) {
+ error($result->getMessage());
+ return false;
+ } elseif ($record['type'] != 'SOA') {
+ update_soa_serial($record['zid']);
+ }
+ return true;
+ }
+ else
+ {
+ // TODO change to error style as above (returning directly)
+ error(sprintf(ERR_INV_ARGC, "edit_record", "no zoneid given"));
+ }
}
- if (is_numeric($zoneid))
- {
- validate_input($zoneid, $type, $content, $name, $prio, $ttl);
- $change = time();
- $db->query("UPDATE records set name=".$db->quote($name).", type=".$db->quote($type).", content=".$db->quote($content).", ttl=".$db->quote($ttl).", prio=".$db->quote($prio).", change_date=".$db->quote($change)." WHERE id=".$db->quote($recordid));
-
- /*
- * Added by DeViCeD - Update SOA Serial number
- * There should be more checks
- */
- if ($type != 'SOA')
- {
- update_soa_serial($zoneid);
- }
- return true;
- }
- else
- {
- error(sprintf(ERR_INV_ARGC, "edit_record", "no zoneid given"));
- }
-
+ return true;
}
-function add_record_owner($zoneid,$userid,$recordid)
-{
- global $db;
- if (!xs($zoneid))
- {
- error(ERR_RECORD_ACCESS_DENIED);
- }
- if (is_numeric($zoneid) || is_numeric($userid) || is_numeric($recordid))
- {
- $db->query("INSERT INTO record_owners (user_id, record_id) VALUES (".$db->quote($userid).", ".$db->quote($recordid).")");
- return true;
- }
- else
- {
- error(sprintf(ERR_INV_ARGC, "add_record_owner", "at least one of the arguments is not numeric"));
- }
-}
-
-function delete_record_owner($zoneid,$rowid,$recordid)
-{
- global $db;
- if (!xs($zoneid))
- {
- error(ERR_RECORD_ACCESS_DENIED);
- }
- if (is_numeric($zoneid) || is_numeric($rowid) || is_numeric($recordid))
- {
- $db->query("DELETE FROM record_owners WHERE id=".$db->quote($rowid)." AND record_id=".$db->quote($recordid));
- return true;
- }
- else
- {
- error(sprintf(ERR_INV_ARGC, "delete_record_owner", "at least one of the arguments is not numeric"));
- }
-}
-
/*
* Adds a record.
* This function validates it if correct it inserts it into the database.
* return values: true if succesful.
*/
-function add_record($zoneid, $name, $type, $content, $ttl, $prio)
-{
-
+function add_record($zoneid, $name, $type, $content, $ttl, $prio) {
global $db;
- if (!xs($zoneid))
- {
- error(ERR_RECORD_ACCESS_DENIED);
- }
- if (is_numeric($zoneid))
- {
- // Check the user input.
- validate_input($zoneid, $type, $content, $name, $prio, $ttl);
+
+ if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; }
+ elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; }
+ else { $perm_content_edit = "none" ; }
+
+ $user_is_zone_owner = verify_user_is_owner_zoneid($zoneid);
+ $zone_type = get_domain_type($zoneid);
- // Generate new timestamp for the daemon
- $change = time();
-
- // Execute query.
- $db->query("INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (".$db->quote($zoneid).", ".$db->quote($name).", ".$db->quote($type).", ".$db->quote($content).", ".$db->quote($ttl).", ".$db->quote($prio).", ".$db->quote($change).")");
- if ($type != 'SOA')
- {
- update_soa_serial($zoneid);
+ if ( $zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0" ) {
+ error(ERR_PERM_ADD_RECORD);
+ return false;
+ } else {
+ if (validate_input($zoneid, $type, $content, $name, $prio, $ttl) ) {
+ $change = time();
+ $query = "INSERT INTO records VALUES ('',"
+ . $db->quote($zoneid) . ","
+ . $db->quote($name) . ","
+ . $db->quote($type) . ","
+ . $db->quote($content) . ","
+ . $db->quote($ttl) . ","
+ . $db->quote($prio) . ","
+ . $db->quote($change) . ")";
+ $response = $db->query($query);
+ if (PEAR::isError($response)) {
+ error($response->getMessage());
+ return false;
+ } else {
+ if ($type != 'SOA') { update_soa_serial($zoneid); }
+ return true;
+ }
+ } else {
+ return false;
}
return true;
}
- else
- {
- error(sprintf(ERR_INV_ARG, "add_record"));
- }
}
function add_supermaster($master_ip, $ns_name, $account)
{
global $db;
- if (!is_valid_ip($master_ip) && !is_valid_ip6($master_ip))
- {
- error(sprintf(ERR_INV_ARGC, "add_supermaster", "No or no valid ipv4 or ipv6 address given."));
+ if (!is_valid_ip($master_ip) && !is_valid_ip6($master_ip)) {
+ error(ERR_DNS_IP);
+ return false;
}
- if (!is_valid_hostname($ns_name))
- {
+ if (!is_valid_hostname($ns_name)) {
error(ERR_DNS_HOSTNAME);
+ return false;
}
- if (!validate_account($account))
- {
+ if (!validate_account($account)) {
error(sprintf(ERR_INV_ARGC, "add_supermaster", "given account name is invalid (alpha chars only)"));
+ return false;
}
- if (supermaster_exists($master_ip))
- {
- error(sprintf(ERR_INV_ARGC, "add_supermaster", "supermaster already exists"));
- }
- else
- {
+ if (supermaster_exists($master_ip)) {
+ error(ERR_SM_EXISTS);
+ return false;
+ } else {
$db->query("INSERT INTO supermasters VALUES (".$db->quote($master_ip).", ".$db->quote($ns_name).", ".$db->quote($account).")");
return true;
}
}
-function delete_supermaster($master_ip)
-{
- global $db;
- if (!level(5))
- {
- error(ERR_LEVEL_5);
- }
+function delete_supermaster($master_ip) {
+ global $db;
if (is_valid_ip($master_ip) || is_valid_ip6($master_ip))
{
$db->query("DELETE FROM supermasters WHERE ip = ".$db->quote($master_ip));
@@ -267,10 +216,6 @@
function get_supermaster_info_from_ip($master_ip)
{
global $db;
- if (!level(5))
- {
- error(ERR_LEVEL_5);
- }
if (is_valid_ip($master_ip) || is_valid_ip6($master_ip))
{
$result = $db->queryRow("SELECT ip,nameserver,account FROM supermasters WHERE ip = ".$db->quote($master_ip));
@@ -289,48 +234,57 @@
}
}
+function get_record_details_from_record_id($rid) {
+
+ global $db;
+
+ $query = "SELECT * FROM records WHERE id = " . $db->quote($rid) ;
+
+ $response = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ while ($r = $response->fetchRow()) {
+ $return[] = array(
+ "rid" => $r['id'],
+ "zid" => $r['domain_id'],
+ "name" => $r['name'],
+ "type" => $r['type'],
+ "content" => $r['content'],
+ "ttl" => $r['ttl'],
+ "prio" => $r['prio'],
+ "change_date" => $r['change_date']);
+ }
+ return $return;
+}
/*
* Delete a record by a given id.
* return values: true, this function is always succesful.
*/
-function delete_record($id)
+function delete_record($rid)
{
global $db;
- // Check if the user has access.
- if (!xs(recid_to_domid($id)))
- {
- error(ERR_RECORD_ACCESS_DENIED);
- }
+ if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; }
+ elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; }
+ else { $perm_content_edit = "none" ; }
- // Retrieve the type of record to see if we can actually remove it.
- $recordtype = get_recordtype_from_id($id);
+ // Determine ID of zone first.
+ $record = get_record_details_from_record_id($rid);
+ $user_is_zone_owner = verify_user_is_owner_zoneid($record['zid']);
- // If the record type is NS and the user tries to delete it while ALLOW_NS_EDIT is set to 0
- // OR
- // check if the name of the record isnt the domain name (if so it should delete all records)
- // OR
- // check if we are dealing with a SOA field (same story as NS)
- if (($recordtype == "NS" && $GLOBALS["ALLOW_NS_EDIT"] != 1 && (get_name_from_record_id($id) == get_domain_name_from_id(recid_to_domid($id)))) || ($recordtype == "SOA" && $GLOBALS["ALLOW_SOA_EDIT"] != 1))
- {
- error(sprintf(ERR_RECORD_DELETE_TYPE_DENIED, $recordtype));
-
- }
- if (is_numeric($id))
- {
- $did = recid_to_domid($id);
- $db->query('DELETE FROM records WHERE id=' . $db->quote($id) );
- if ($type != 'SOA')
- {
- update_soa_serial($did);
+ if ( $perm_content_edit == "all" || ($perm_content_edit == "own" && $user_is_zone_owner == "0" )) {
+ if ($record['type'] == "SOA") {
+ error(_('You are trying to delete the SOA record. If are not allowed to remove it, unless you remove the entire zone.'));
+ } else {
+ $quote = "DELETE FROM records WHERE id = " . $db->quote($rid);
+ $response = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+ return true;
}
- // $id doesnt exist in database anymore so its deleted or just not there which means "true"
- return true;
- }
- else
- {
- error(sprintf(ERR_INV_ARG, "delete_record"));
+ } else {
+ error(ERR_PERM_DEL_RECORD);
+ return false;
}
}
@@ -348,104 +302,87 @@
*/
function add_domain($domain, $owner, $webip, $mailip, $empty, $type, $slave_master)
{
+ if(verify_permission(zone_master_add)) { $zone_master_add = "1" ; } ;
+ if(verify_permission(zone_slave_add)) { $zone_slave_add = "1" ; } ;
- global $db;
+ // TODO: make sure only one is possible if only one is enabled
+ if($zone_master_add == "1" || $zone_master_add == "1") {
- if (!level(5))
- {
- error(ERR_LEVEL_5);
- }
+ global $db;
+ if (($domain && $owner && $webip && $mailip) ||
+ ($empty && $owner && $domain) ||
+ (eregi('in-addr.arpa', $domain) && $owner) ||
+ $type=="SLAVE" && $domain && $owner && $slave_master) {
+
+ $response = $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain).", ".$db->quote($type).")");
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
- // If domain, owner and mailip are given
- // OR
- // empty is given and owner and domain
- // OR
- // the domain is an arpa record and owner is given
- // OR
- // the type is slave, domain, owner and slave_master are given
- // THAN
- // Continue this function
- if (($domain && $owner && $webip && $mailip) || ($empty && $owner && $domain) || (eregi('in-addr.arpa', $domain) && $owner) || $type=="SLAVE" && $domain && $owner && $slave_master)
- {
- // First insert zone into domain table
- $db->query("INSERT INTO domains (name, type) VALUES (".$db->quote($domain).", ".$db->quote($type).")");
+ $domain_id = $db->lastInsertId('domains', 'id');
+ if (PEAR::isError($domain_id)) { error($id->getMessage()); return false; }
+
+ $response = $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($domain_id).", ".$db->quote($owner).")");
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
- // Determine id of insert zone (in other words, find domain_id)
- $iddomain = $db->lastInsertId('domains', 'id');
- if (PEAR::isError($iddomain)) {
- die($id->getMessage());
- }
-
- // Second, insert into zones tables
- $db->query("INSERT INTO zones (domain_id, owner) VALUES (".$db->quote($iddomain).", ".$db->quote($owner).")");
-
- if ($type == "SLAVE")
- {
- $db->query("UPDATE domains SET master = ".$db->quote($slave_master)." WHERE id = ".$db->quote($iddomain));
-
- // Done
- return true;
- }
- else
- {
- // Generate new timestamp. We need this one anyhow.
- $now = time();
+ if ($type == "SLAVE") {
+ $response = $db->query("UPDATE domains SET master = ".$db->quote($slave_master)." WHERE id = ".$db->quote($domain_id));
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+ return true;
+ } else {
+ $now = time();
+ if ($empty && $domain_id) {
+ $ns1 = $GLOBALS['NS1'];
+ $hm = $GLOBALS['HOSTMASTER'];
+ $ttl = $GLOBALS['DEFAULT_TTL'];
- if ($empty && $iddomain)
- {
- // If we come into this if statement we dont want to apply templates.
- // Retrieve configuration settings.
- $ns1 = $GLOBALS["NS1"];
- $hm = $GLOBALS["HOSTMASTER"];
- $ttl = $GLOBALS["DEFAULT_TTL"];
+ $query = "INSERT INTO records VALUES ('',"
+ . $db->quote($domain_id) . ","
+ . $db->quote($domain) . ","
+ . $db->quote($ns1.' '.$hm.' 1')
+ . ",'SOA',"
+ . $db->quote($ttl)
+ . ", 0, "
+ . $db->quote($now).")";
+ $response = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+ } elseif ($domain_id) {
+ global $template;
- // Build and execute query
- $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (".$db->quote($iddomain).", ".$db->quote($domain).", ".$db->quote($ns1.' '.$hm.' 1').", 'SOA', ".$db->quote($ttl).", 0, ".$db->quote($now).")";
- $db->query($sql);
-
- // Done
- return true;
- }
- elseif ($iddomain)
- {
- // If we are here we want to apply templates.
- global $template;
+ foreach ($template as $r) {
+ if ((eregi('in-addr.arpa', $domain) && ($r["type"] == "NS" || $r["type"] == "SOA")) || (!eregi('in-addr.arpa', $domain)))
+ {
+ $name = parse_template_value($r["name"], $domain, $webip, $mailip);
+ $type = $r["type"];
+ $content = parse_template_value($r["content"], $domain, $webip, $mailip);
+ $ttl = $r["ttl"];
+ $prio = intval($r["prio"]);
- // Iterate over the template and apply it for each field.
- foreach ($template as $r)
- {
- // Same type of if statement as previous.
- if ((eregi('in-addr.arpa', $domain) && ($r["type"] == "NS" || $r["type"] == "SOA")) || (!eregi('in-addr.arpa', $domain)))
- {
- // Parse the template.
- $name = parse_template_value($r["name"], $domain, $webip, $mailip);
- $type = $r["type"];
- $content = parse_template_value($r["content"], $domain, $webip, $mailip);
- $ttl = $r["ttl"];
- $prio = intval($r["prio"]);
+ if (!$ttl) {
+ $ttl = $GLOBALS["DEFAULT_TTL"];
+ }
- // If no ttl is given, use the default.
- if (!$ttl)
- {
- $ttl = $GLOBALS["DEFAULT_TTL"];
+ $query = "INSERT INTO records VALUES ('',"
+ . $db->quote($domain_id) . ","
+ . $db->quote($name) . ","
+ . $db->quote($content) . ","
+ . $db->quote($type) . ","
+ . $db->quote($ttl) . ","
+ . $db->quote($prio) . ","
+ . $db->quote($now) . ")";
+ $response = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
}
-
- $sql = "INSERT INTO records (domain_id, name, content, type, ttl, prio, change_date) VALUES (".$db->quote($iddomain).", ".$db->quote($name).", ".$db->quote($content).", ".$db->quote($type).", ".$db->quote($ttl).", ".$db->quote($prio).", ".$db->quote($now).")";
- $db->query($sql);
}
- }
- // All done.
- return true;
- }
- else
- {
- error(sprintf(ERR_INV_ARGC, "add_domain", "could not create zone"));
- }
+ return true;
+ } else {
+ error(sprintf(ERR_INV_ARGC, "add_domain", "could not create zone"));
+ }
+ }
+ } else {
+ error(sprintf(ERR_INV_ARG, "add_domain"));
}
- }
- else
- {
- error(sprintf(ERR_INV_ARG, "add_domain"));
+ } else {
+ error(ERR_PERM_ADD_ZONE_MASTER);
+ return false;
}
}
@@ -458,24 +395,23 @@
{
global $db;
- if (!level(5))
- {
- error(ERR_LEVEL_5);
- }
+ if (verify_permission(zone_content_edit_others)) { $perm_edit = "all" ; }
+ elseif (verify_permission(zone_content_edit_own)) { $perm_edit = "own" ; }
+ else { $perm_edit = "none" ; }
+ $user_is_zone_owner = verify_user_is_owner_zoneid($id);
- // See if the ID is numeric.
- if (is_numeric($id))
- {
- $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id));
- $db->query("DELETE FROM domains WHERE id=".$db->quote($id));
- $db->query("DELETE FROM records WHERE domain_id=".$db->quote($id));
- // Nothing in the database. If the delete deleted 0 records it means the id is just not there.
- // therefore the is no need to check the affectedRows values.
- return true;
- }
- else
- {
- error(sprintf(ERR_INV_ARGC, "delete_domain", "id must be a number"));
+ if ( $perm_edit == "all" || ( $perm_edit == "own" && $user_is_zone_owner == "1") ) {
+ if (is_numeric($id)) {
+ $db->query("DELETE FROM zones WHERE domain_id=".$db->quote($id));
+ $db->query("DELETE FROM domains WHERE id=".$db->quote($id));
+ $db->query("DELETE FROM records WHERE domain_id=".$db->quote($id));
+ return true;
+ } else {
+ error(sprintf(ERR_INV_ARGC, "delete_domain", "id must be a number"));
+ return false;
+ }
+ } else {
+ error(ERR_PERM_DEL_ZONE);
}
}
@@ -501,93 +437,50 @@
/*
- * Sorts a zone by records.
- * return values: the sorted zone.
- */
-function sort_zone($records)
-{
- $ar_so = array();
- $ar_ns = array();
- $ar_mx = array();
- $ar_mb = array();
- $ar_ur = array();
- $ar_ov = array();
- foreach ($records as $c)
- {
- switch(strtoupper($c['type']))
- {
- case "SOA":
- $ar_so[] = $c;
- break;
- case "NS":
- $ar_ns[] = $c;
- break;
- case "MX":
- $ar_mx[] = $c;
- break;
- case "MBOXFW":
- $ar_mb[] = $c;
- break;
- case "URL":
- $ar_ur[] = $c;
- break;
- default:
- $ar_ov[] = $c;
- break;
- }
- }
-
- $res = array_merge($ar_so, $ar_ns, $ar_mx, $ar_mb, $ar_ur, $ar_ov);
-
- if (count($records) == count($res))
- {
- $records = $res;
- }
- else
- {
- error(sprintf(ERR_INV_ARGC, "sort_zone", "records sorting failed!"));
- }
- return $records;
-}
-
-
-/*
* Change owner of a domain.
- * Function should actually be in users.inc.php. But its more of a record modification than a user modification
* return values: true when succesful.
*/
-function add_owner($domain, $newowner)
+function add_owner_to_zone($zone_id, $user_id)
{
global $db;
-
- if (!level(5))
- {
- error(ERR_LEVEL_5);
- }
-
- if (is_numeric($domain) && is_numeric($newowner) && is_valid_user($newowner))
- {
- if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($newowner)." AND domain_id=".$db->quote($domain)) == 0)
+ if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) {
+ // User is allowed to make change to meta data of this zone.
+ if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id))
{
- $db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($domain).", ".$db->quote($newowner).")");
+ if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) == 0)
+ {
+ $db->query("INSERT INTO zones (domain_id, owner) VALUES(".$db->quote($zone_id).", ".$db->quote($user_id).")");
+ }
+ return true;
+ } else {
+ error(sprintf(ERR_INV_ARGC, "add_owner_to_zone", "$zone_id / $user_id"));
}
- return true;
- }
- else
- {
- error(sprintf(ERR_INV_ARGC, "change_owner", "$domain / $newowner"));
+ } else {
+ return false;
}
}
-function delete_owner($domain, $owner)
+function delete_owner_from_zone($zone_id, $user_id)
{
global $db;
- if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($owner)." AND domain_id=".$db->quote($domain)) != 0)
- {
- $db->query("DELETE FROM zones WHERE owner=".$db->quote($owner)." AND domain_id=".$db->quote($domain));
+ if ( (verify_permission(zone_meta_edit_others)) || (verify_permission(zone_meta_edit_own)) && verify_user_is_owner_zoneid($_GET["id"])) {
+ // User is allowed to make change to meta data of this zone.
+ if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id))
+ {
+ // TODO: Next if() required, why not just execute DELETE query?
+ if($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id)) != 0)
+ {
+ $db->query("DELETE FROM zones WHERE owner=".$db->quote($user_id)." AND domain_id=".$db->quote($zone_id));
+ }
+ return true;
+ } else {
+ error(sprintf(ERR_INV_ARGC, "delete_owner_from_zone", "$zone_id / $user_id"));
+ }
+ } else {
+ return false;
}
- return true;
+
}
/*
@@ -653,130 +546,37 @@
function get_name_from_record_id($id)
{
global $db;
- if (is_numeric($id))
- {
+ if (is_numeric($id)) {
$result = $db->query("SELECT name FROM records WHERE id=".$db->quote($id));
$r = $result->fetchRow();
return $r["name"];
- }
- else
- {
+ } else {
error(sprintf(ERR_INV_ARG, "get_name_from_record_id"));
}
}
/*
- * Get all the domains from a database of which the user is the owner.
- * return values: an array with the id of the domain and its name.
- */
-function get_domains_from_userid($id)
-{
- global $db;
- if (is_numeric($id))
- {
- $a_zones = array();
-
- // Check for zones the user has full access for (the
- // user is owner of the zone.
-
- $res_full = $db->query("SELECT
- domains.id AS domain_id,
- domains.name AS name
- FROM domains
- LEFT JOIN zones ON domains.id=zones.domain_id
- WHERE owner=".$db->quote($id));
-
- // Process the output.
-
- $numrows = $res_full->numRows();
- $i=1;
- if ($numrows > 0)
- {
- $andnot=" AND NOT domains.id IN (";
- while($r = $res_full->fetchRow()) {
-
- // Create array of zone id's and name's the owner
- // has full access to.
-
- $a_zones[] = array(
- "id" => $r["domain_id"],
- "name" => $r["name"],
- "partial" => "0"
- );
-
- // Create AND NOT for query of zones the user has
- // only partial access to. In that query we just
- // want to see the zones he has not full access to
- // as well.
-
- $andnot.=$db->quote($r["domain_id"]);
- if ($i < $numrows) {
- $andnot.=",";
- $i++;
- }
-
- }
- $andnot.=")";
- }
- else
- {
- $andnot="";
- }
-
- // Check for zones the user has partial access only to.
-
- $res_partial = $db->query("SELECT DISTINCT
- records.domain_id,
- domains.name
- FROM records, record_owners, domains
- WHERE record_owners.user_id = ".$db->quote($id)."
- AND records.id = record_owners.record_id
- AND domains.id = records.domain_id
- ".$andnot);
-
- // Add these zones to the array as well.
-
- while ($r = $res_partial->fetchRow())
- {
- $a_zones[] = array(
- "id" => $r["domain_id"],
- "name" => $r["name"],
- "partial" => "1"
- );
- }
-
- return $a_zones;
- }
- else
- {
- error(sprintf(ERR_INV_ARGC, "get_domains_from_userid", "This is not a valid userid: $id"));
- }
-}
-
-
-/*
* Get domain name from a given id
* return values: the name of the domain associated with the id.
*/
function get_domain_name_from_id($id)
{
global $db;
- if (!xs($id))
- {
- error(ERR_RECORD_ACCESS_DENIED);
- }
+
if (is_numeric($id))
{
$result = $db->query("SELECT name FROM domains WHERE id=".$db->quote($id));
- if ($result->numRows() == 1)
- {
+ $rows = $result->numRows() ;
+ if ($rows == 1) {
$r = $result->fetchRow();
return $r["name"];
- }
- else
- {
+ } elseif ($rows == "0") {
+ error(sprintf("Zone does not exist."));
+ return false;
+ } else {
error(sprintf(ERR_INV_ARGC, "get_domain_name_from_id", "more than one domain found?! whaaa! BAD! BAD! Contact admin!"));
+ return false;
}
}
else
@@ -785,86 +585,34 @@
}
}
-
-/*
- * Get information about a domain name from a given domain id.
- * the function looks up the domainname, the owner of the domain and the number of records in it.
- * return values: an array containing the information.
- */
-function get_domain_info_from_id($id)
-{
- global $db;
- if (!xs($id))
- {
- error(ERR_RECORD_ACCESS_DENIED);
- }
- if (is_numeric($id))
- {
+function get_zone_info_from_id($zone_id) {
- if ($_SESSION[$id."_ispartial"] == 1) {
-
- $sqlq = "SELECT
- domains.type AS type,
- domains.name AS name,
- users.fullname AS owner,
- count(record_owners.id) AS aantal
- FROM domains, users, record_owners, records
-
- WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])."
- AND record_owners.record_id = records.id
- AND records.domain_id = ".$db->quote($id)."
+ if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; }
+ elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; }
+ else { $perm_view = "none" ;}
- GROUP BY domains.name, owner, users.fullname, domains.type
- ORDER BY domains.name";
-
- $result = $db->queryRow($sqlq);
+ if ($perm_view == "none") {
+ error(ERR_PERM_VIEW_ZONE);
+ } else {
+ global $db;
- $ret = array(
- "name" => $result["name"],
- "ownerid" => $_SESSION["userid"],
- "owner" => $result["owner"],
- "type" => $result["type"],
- "numrec" => $result["aantal"]
- );
-
- return $ret;
+ $query = "SELECT domains.type AS type,
+ domains.name AS name,
+ domains.master AS master_ip,
+ count(records.domain_id) AS record_count
+ FROM domains, records
+ WHERE domains.id = " . $db->quote($zone_id) . "
+ AND domains.id = records.domain_id
+ GROUP BY domains.id";
- } else{
-
- // Query that retrieves the information we need.
- $sqlq = "SELECT
- domains.type AS type,
- domains.name AS name,
- min(zones.owner) AS ownerid,
- users.fullname AS owner,
- count(records.domain_id) AS aantal
- FROM domains
- LEFT JOIN records ON domains.id=records.domain_id
- LEFT JOIN zones ON domains.id=zones.domain_id
- LEFT JOIN users ON zones.owner=users.id
- WHERE domains.id=$id
- GROUP BY domains.name, owner, users.fullname, domains.type, zones.id
- ORDER BY zones.id";
-
- // Put the first occurence in an array and return it.
- $result = $db->queryRow($sqlq);
-
- //$result["ownerid"] = ($result["ownerid"] == NULL) ? $db->queryOne("select min(id) from users where users.level=10") : $result["ownerid"];
-
- $ret = array(
- "name" => $result["name"],
- "ownerid" => $result["ownerid"],
- "owner" => $result["owner"],
- "type" => $result["type"],
- "numrec" => $result["aantal"]
- );
- return $ret;
- }
-
- }
- else
- {
- error(sprintf(ERR_INV_ARGC, "get_domain_num_records_from_id", "This is not a valid domainid: $id"));
+ $response = $db->queryRow($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+ $return = array(
+ "name" => $response['name'],
+ "type" => $response['type'],
+ "master_ip" => $response['master_ip'],
+ "record_count" => $response['record_count']);
+ return $return;
}
}
@@ -877,24 +625,14 @@
{
global $db;
- if (!level(5))
- {
- error(ERR_LEVEL_5);
- }
- if (is_valid_domain($domain))
- {
+ if (is_valid_domain($domain)) {
$result = $db->query("SELECT id FROM domains WHERE name=".$db->quote($domain));
- if ($result->numRows() == 0)
- {
+ if ($result->numRows() == 0) {
return false;
- }
- elseif ($result->numRows() >= 1)
- {
+ } elseif ($result->numRows() >= 1) {
return true;
}
- }
- else
- {
+ } else {
error(ERR_DOMAIN_INVALID);
}
}
@@ -902,17 +640,16 @@
function get_supermasters()
{
global $db;
- $result = $db->query("SELECT ip, nameserver, account FROM supermasters");
+
+ $result = $db->query("SELECT ip, nameserver, account FROM supermasters");
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
$ret = array();
- if($result->numRows() == 0)
- {
+ if($result->numRows() == 0) {
return -1;
- }
- else
- {
- while ($r = $result->fetchRow())
- {
+ } else {
+ while ($r = $result->fetchRow()) {
$ret[] = array(
"master_ip" => $r["ip"],
"ns_name" => $r["nameserver"],
@@ -926,10 +663,6 @@
function supermaster_exists($master_ip)
{
global $db;
- if (!level(5))
- {
- error(ERR_LEVEL_5);
- }
if (is_valid_ip($master_ip) || is_valid_ip6($master_ip))
{
$result = $db->query("SELECT ip FROM supermasters WHERE ip = ".$db->quote($master_ip));
@@ -949,206 +682,92 @@
}
-/*
- * Get all domains from the database
- * This function gets all the domains from the database unless a user id is below 5.
- * if a user id is below 5 this function will only retrieve records for that user.
- * return values: the array of domains or -1 if nothing is found.
- */
-function get_domains($userid=true,$letterstart='all',$rowstart=0,$rowamount=999999)
+function get_zones($perm,$userid=0,$letterstart=all,$rowstart=0,$rowamount=999999)
{
global $db;
global $sql_regexp;
- if((!level(5) || !$userid) && !level(10) && !level(5))
- {
- $add = " AND zones.owner=".$db->quote($_SESSION["userid"]);
+ if ($perm != "own" && $perm != "all") {
+ error(ERR_PERM_VIEW_ZONE);
+ return false;
}
else
{
- $add = "";
+ if ($perm == "own") {
+ $sql_add = " AND zones.domain_id = domains.id
+ AND zones.owner = ".$db->quote($userid);
+ }
+ if ($letterstart!=all && $letterstart!=1) {
+ $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." ";
+ } elseif ($letterstart==1) {
+ $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
+ }
}
-
- $sqlq = "SELECT domains.id AS domain_id,
- min(zones.owner) AS owner,
- count(DISTINCT records.id) AS aantal,
- domains.name AS domainname
- FROM domains
- LEFT JOIN zones ON domains.id=zones.domain_id
- LEFT JOIN records ON records.domain_id=domains.id
- WHERE 1=1 $add ";
- if ($letterstart!='all' && $letterstart!=1) {
- $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letterstart);
- } elseif ($letterstart==1) {
- $sqlq.=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
- }
- $sqlq.=" GROUP BY domainname, domains.id
- ORDER BY domainname";
-
+
+ $sqlq = "SELECT domains.id,
+ domains.name,
+ domains.type,
+ COUNT(DISTINCT records.id) AS count_records
+ FROM domains
+ LEFT JOIN zones ON domains.id=zones.domain_id
+ LEFT JOIN records ON records.domain_id=domains.id
+ WHERE 1=1".$sql_add."
+ GROUP BY domains.name, domains.id
+ ORDER BY domains.name";
+
$db->setLimit($rowamount, $rowstart);
$result = $db->query($sqlq);
- // Set limit needs to be called before each query
- $db->setLimit($rowamount, $rowstart);
- $result2 = $db->query($sqlq);
-
- $numrows = $result2->numRows();
- $i=1;
- if ($numrows > 0) {
- $andnot=" AND NOT domains.id IN (";
- while($r = $result2->fetchRow()) {
- $andnot.=$db->quote($r["domain_id"]);
- if ($i < $numrows) {
- $andnot.=",";
- $i++;
- }
- }
- $andnot.=")";
- }
- else
- {
- $andnot="";
- }
-
- if ($letterstart!='all' && $letterstart!=1) {
-
- $sqlq = "SELECT domains.id AS domain_id,
- count(DISTINCT record_owners.record_id) AS aantal,
- domains.name AS domainname
- FROM domains, record_owners,records, zones
- WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])."
- AND (records.id = record_owners.record_id
- AND domains.id = records.domain_id)
- $andnot
- AND domains.name LIKE ".$db->quote($letterstart."%")."
- AND (zones.domain_id != records.domain_id AND zones.owner!=".$db->quote($_SESSION["userid"]).")
- GROUP BY domainname, domains.id
- ORDER BY domainname";
-
- $result_extra = $db->query($sqlq);
-
- } else {
-
- $sqlq = "SELECT domains.id AS domain_id,
- count(DISTINCT record_owners.record_id) AS aantal,
- domains.name AS domainname
- FROM domains, record_owners,records, zones
- WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])."
- AND (records.id = record_owners.record_id
- AND domains.id = records.domain_id)
- $andnot";
- if ($letterstart != 'all') {
- $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
- }
- $sqlq .= "AND (zones.domain_id != records.domain_id AND zones.owner!=".$db->quote($_SESSION["userid"]).")
- GROUP BY domainname, domains.id
- ORDER BY domainname";
-
- $result_extra[$i] = $db->query($sqlq);
-
- }
while($r = $result->fetchRow())
{
- $r["owner"] = ($r["owner"] == NULL) ? $db->queryOne("select min(id) from users where users.level=10") : $r["owner"];
- $ret[$r["domainname"]] = array(
- "name" => $r["domainname"],
- "id" => $r["domain_id"],
- "owner" => $r["owner"],
- "numrec" => $r["aantal"]
- );
+ $ret[$r["name"]] = array(
+ "id" => $r["id"],
+ "name" => $r["name"],
+ "type" => $r["type"],
+ "count_records" => $r["count_records"]
+ );
}
-
-
- if ($letterstart!='all' && $letterstart!=1) {
-
- while($r = $result_extra->fetchRow())
- {
- $ret[$r["domainname"]] = array(
- "name" => $r["domainname"]."*",
- "id" => $r["domain_id"],
- "owner" => $_SESSION["userid"],
- "numrec" => $r["aantal"]
- );
- $_SESSION["partial_".$r["domainname"]] = 1;
- }
-
- } else {
-
- foreach ($result_extra as $result_e) {
- while($r = $result_e->fetchRow())
- {
- $ret[$r["domainname"]] = array(
- "name" => $r["domainname"]."*",
- "id" => $r["domain_id"],
- "owner" => $_SESSION["userid"],
- "numrec" => $r["aantal"]
- );
- $_SESSION["partial_".$r["domainname"]] = 1;
- }
- }
-
- }
-
- if (empty($ret)) {
- return -1;
- } else {
- sort($ret);
- return $ret;
- }
-
+ return $ret;
}
-
-/*
- * zone_count
- * Does a select query to count how many zones we have in the database
- *
- * @todo: see whether or not it is possible to add the records
- * @param $userid integer The userid of the current user
- * @return integer the number of zones
- */
-
-function zone_count($userid=true, $letterstart='all') {
- global $db;
+// TODO: letterstart limitation and userid permission limitiation should be applied at the same time?
+function zone_count_ng($perm, $letterstart=all) {
+ global $db;
global $sql_regexp;
- if((!level(5) || !$userid) && !level(10) && !level(5))
- {
- // First select the zones for which we have ownership on one or more records.
- $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$db->quote($_SESSION['userid']).' AND records.id = record_owners.record_id';
- $result = $db->query($query);
- $zones = array();
- if (!PEAR::isError($result)) {
- $zones = $result->fetchCol();
+ if ($perm != "own" && $perm != "all") {
+ $zone_count = "0";
+ }
+ else
+ {
+ if ($perm == "own") {
+ $sql_add = " AND zones.domain_id = domains.id
+ AND zones.owner = ".$db->quote($_SESSION['userid']);
+ }
+ if ($letterstart!=all && $letterstart!=1) {
+ $sql_add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." ";
+ } elseif ($letterstart==1) {
+ $sql_add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
}
-
- $add = " AND (zones.owner=".$db->quote($_SESSION["userid"]);
- if (count($zones) > 0) {
- $add .= ' OR zones.domain_id IN ('.implode(',', $zones).') ';
- }
- $add .= ')';
- }
- else
- {
- $add = "";
- }
+ $sqlq = "SELECT COUNT(distinct domains.id) AS count_zones
+ FROM domains,zones
+ WHERE 1=1
+ ".$sql_add.";";
+
+ $zone_count = $db->queryOne($sqlq);
+ }
+ return $zone_count;
+}
- if ($letterstart!='all' && $letterstart!=1) {
- $add .=" AND domains.name LIKE ".$db->quote($letterstart."%")." ";
- } elseif ($letterstart==1) {
- $add .=" AND substring(domains.name,1,1) ".$sql_regexp." '^[[:digit:]]'";
- }
+function zone_count_for_uid($uid) {
+ global $db;
+ $query = "SELECT COUNT(domain_id)
+ FROM zones
+ WHERE owner = " . $db->quote($uid) . "
+ ORDER BY domain_id";
+ $zone_count = $db->queryOne($query);
+ return $zone_count;
+}
- if (level(5))
- {
- $query = 'SELECT count(distinct domains.id) as zone_count FROM domains WHERE 1=1 '.$add;
- }
- else
- {
- $query = 'SELECT count(distinct zones.domain_id) as zone_count FROM zones, domains WHERE zones.domain_id = domains.id '.$add;
- }
- $numRows = $db->queryOne($query);
- return $numRows;
-}
/*
* Get a record from an id.
@@ -1169,15 +788,15 @@
{
$r = $result->fetchRow();
$ret = array(
- "id" => $r["id"],
- "domain_id" => $r["domain_id"],
- "name" => $r["name"],
- "type" => $r["type"],
- "content" => $r["content"],
- "ttl" => $r["ttl"],
- "prio" => $r["prio"],
- "change_date" => $r["change_date"]
- );
+ "id" => $r["id"],
+ "domain_id" => $r["domain_id"],
+ "name" => $r["name"],
+ "type" => $r["type"],
+ "content" => $r["content"],
+ "ttl" => $r["ttl"],
+ "prio" => $r["prio"],
+ "change_date" => $r["change_date"]
+ );
return $ret;
}
else
@@ -1197,58 +816,53 @@
* Retrieve all fields of the records and send it back to the function caller.
* return values: the array with information, or -1 is nothing is found.
*/
-function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999)
-{
+function get_records_from_domain_id($id,$rowstart=0,$rowamount=999999) {
global $db;
- if (is_numeric($id))
- {
+ if (is_numeric($id)) {
if ($_SESSION[$id."_ispartial"] == 1) {
- $db->setLimit($rowamount, $rowstart);
- $result = $db->query("SELECT record_owners.record_id as id
- FROM record_owners,domains,records
- WHERE record_owners.user_id = ".$db->quote($_SESSION["userid"])."
- AND record_owners.record_id = records.id
- AND records.domain_id = ".$db->quote($id)."
- GROUP bY record_owners.record_id");
+ $db->setLimit($rowamount, $rowstart);
+ $result = $db->query("SELECT record_owners.record_id as id
+ FROM record_owners,domains,records
+ WHERE record_owners.user_id = " . $db->quote($_SESSION["userid"]) . "
+ AND record_owners.record_id = records.id
+ AND records.domain_id = " . $db->quote($id) . "
+ GROUP BY record_owners.record_id");
- $ret = array();
- if($result->numRows() == 0)
- {
- return -1;
- }
- else
- {
- $ret[] = array();
- $retcount = 0;
- while($r = $result->fetchRow())
- {
- // Call get_record_from_id for each row.
- $ret[$retcount] = get_record_from_id($r["id"]);
- $retcount++;
- }
- return $ret;
- }
+ $ret = array();
+ if($result->numRows() == 0) {
+ return -1;
+ } else {
+ $ret[] = array();
+ $retcount = 0;
+ while($r = $result->fetchRow())
+ {
+ // Call get_record_from_id for each row.
+ $ret[$retcount] = get_record_from_id($r["id"]);
+ $retcount++;
+ }
+ return $ret;
+ }
} else {
- $db->setLimit($rowamount, $rowstart);
- $result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id));
- $ret = array();
- if($result->numRows() == 0)
- {
- return -1;
- }
- else
- {
- $ret[] = array();
- $retcount = 0;
- while($r = $result->fetchRow())
+ $db->setLimit($rowamount, $rowstart);
+ $result = $db->query("SELECT id FROM records WHERE domain_id=".$db->quote($id));
+ $ret = array();
+ if($result->numRows() == 0)
+ {
+ return -1;
+ }
+ else
{
- // Call get_record_from_id for each row.
- $ret[$retcount] = get_record_from_id($r["id"]);
- $retcount++;
+ $ret[] = array();
+ $retcount = 0;
+ while($r = $result->fetchRow())
+ {
+ // Call get_record_from_id for each row.
+ $ret[$retcount] = get_record_from_id($r["id"]);
+ $retcount++;
+ }
+ return $ret;
}
- return $ret;
- }
}
}
@@ -1259,165 +873,164 @@
}
-function get_users_from_domain_id($id)
-{
+function get_users_from_domain_id($id) {
global $db;
- $result = $db->queryCol("SELECT owner FROM zones WHERE domain_id=".$db->quote($id));
- $ret = array();
- foreach($result as $uid)
- {
- $fullname = $db->queryOne("SELECT fullname FROM users WHERE id=".$db->quote($uid));
- $ret[] = array(
- "id" => $uid,
- "fullname" => $fullname
- );
+ $sqlq = "SELECT owner FROM zones WHERE domain_id =" .$db->quote($id);
+ $id_owners = $db->query($sqlq);
+ if ($id_owners->numRows() == 0) {
+ return -1;
+ } else {
+ while ($r = $id_owners->fetchRow()) {
+ $fullname = $db->queryOne("SELECT fullname FROM users WHERE id=".$r['owner']);
+ $owners[] = array(
+ "id" => $r['owner'],
+ "fullname" => $fullname
+ );
+ }
}
- return $ret;
+ return $owners;
}
-function search_record($question)
-{
+
+function search_zone_and_record($holy_grail,$perm) {
+
global $db;
- $question = trim($question);
+
+ $holy_grail = trim($holy_grail);
+
+ if (verify_permission(zone_content_view_others)) { $perm_view = "all" ; }
+ elseif (verify_permission(zone_content_view_own)) { $perm_view = "own" ; }
+ else { $perm_view = "none" ; }
+
+ if (verify_permission(zone_content_edit_others)) { $perm_content_edit = "all" ; }
+ elseif (verify_permission(zone_content_edit_own)) { $perm_content_edit = "own" ; }
+ else { $perm_content_edit = "none" ; }
+
+ // Search for matching domains
- if (is_valid_search($question))
- {
- $sqlq = "SELECT *
- FROM records
- WHERE content LIKE ".$db->quote($question)."
- OR name LIKE ".$db->quote($question)."
- ORDER BY type DESC";
- $result = $db->query($sqlq);
- $ret_r = array();
- while ($r = $result->fetchRow())
- {
- if(xs($r['domain_id']))
- {
- $ret_r[] = array(
- 'id' => $r['id'],
- 'domain_id' => $r['domain_id'],
- 'name' => $r['name'],
- 'type' => $r['type'],
- 'content' => $r['content'],
- 'ttl' => $r['ttl'],
- 'prio' => $r['prio'],
- 'change_date' => $r['change_date']
- );
- }
- }
+ if ($perm == "own") {
+ $sql_add_from = ", zones ";
+ $sql_add_where = " AND zones.domain_id = domains.id AND zones.owner = " . $db->quote($userid);
+ }
+
+ $query = "SELECT
+ domains.id AS zid,
+ domains.name AS name,
+ domains.type AS type,
+ domains.master AS master
+ FROM domains" . $sql_add_from . "
+ WHERE domains.name LIKE " . $db->quote($holy_grail)
+ . $sql_add_where ;
+
+ $response = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
- $sqlq = "SELECT domains.id, domains.name, count(records.id) AS numrec, zones.owner, records.domain_id
- FROM domains LEFT JOIN records ON domains.id = records.domain_id, zones
- WHERE zones.domain_id = domains.id
- AND domains.name LIKE ".$db->quote($question)."
- GROUP BY domains.id, domains.name, zones.owner, records.domain_id";
- $result = $db->query($sqlq);
- $ret_d = array();
- while ($r = $result->fetchRow())
- {
- if(xs($r['id']))
- {
- $ret_d[] = array(
- 'id' => $r['id'],
- 'name' => $r['name'],
- 'numrec' => $r['numrec'],
- 'owner' => $r['owner']
- );
- }
- }
- return array('domains' => $ret_d, 'records' => $ret_r);
- }
- else
- {
- error(sprintf(ERR_INV_ARGC, "search_record", "Invalid searchstring: $question"));
+ while ($r = $response->fetchRow()) {
+ $return_zones[] = array(
+ "zid" => $r['zid'],
+ "name" => $r['name'],
+ "type" => $r['type'],
+ "master" => $r['master']);
}
+ // Search for matching records
+
+ if ($perm == "own") {
+ $sql_add_from = ", zones ";
+ $sql_add_where = " AND zones.domain_id = record.id AND zones.owner = " . $db->quote($userid);
+ }
+
+ $query = "SELECT
+ records.id AS rid,
+ records.name AS name,
+ records.type AS type,
+ records.content AS content,
+ records.ttl AS ttl,
+ records.prio AS prio,
+ records.domain_id AS zid
+ FROM records" . $sql_add_from . "
+ WHERE (records.name LIKE " . $db->quote($holy_grail) . " OR records.content LIKE " . $db->quote($holy_grail) . ")"
+ . $sql_add_where ;
+
+ $response = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ while ($r = $response->fetchRow()) {
+ $return_records[] = array(
+ "rid" => $r['rid'],
+ "name" => $r['name'],
+ "type" => $r['type'],
+ "content" => $r['content'],
+ "ttl" => $r['ttl'],
+ "zid" => $r['zid'],
+ "prio" => $r['prio']);
+ }
+ return array('zones' => $return_zones, 'records' => $return_records);
}
-function get_domain_type($id)
-{
+function get_domain_type($id) {
global $db;
- if (is_numeric($id))
- {
+ if (is_numeric($id)) {
$type = $db->queryOne("SELECT type FROM domains WHERE id = ".$db->quote($id));
- if($type == "")
- {
+ if ($type == "") {
$type = "NATIVE";
}
return $type;
- }
- else
- {
+ } else {
error(sprintf(ERR_INV_ARG, "get_record_from_id", "no or no valid zoneid given"));
}
}
-function get_domain_slave_master($id)
-{
+function get_domain_slave_master($id){
global $db;
- if (is_numeric($id))
- {
+ if (is_numeric($id)) {
$slave_master = $db->queryOne("SELECT master FROM domains WHERE type = 'SLAVE' and id = ".$db->quote($id));
return $slave_master;
- }
- else
- {
+ } else {
error(sprintf(ERR_INV_ARG, "get_domain_slave_master", "no or no valid zoneid given"));
}
}
-function change_domain_type($type, $id)
+function change_zone_type($type, $id)
{
global $db;
$add = '';
if (is_numeric($id))
{
- // It is not really neccesary to clear the master field if a
- // zone is not of the type "slave" as powerdns will ignore that
- // fiedl, but it is cleaner anyway.
- if ($type != "SLAVE")
- {
+ // It is not really neccesary to clear the field that contains the IP address
+ // of the master if the type changes from slave to something else. PowerDNS will
+ // ignore the field if the type isn't something else then slave. But then again,
+ // it's much clearer this way.
+ if ($type != "SLAVE") {
$add = ", master=''";
}
- $result = $db->query("UPDATE domains SET type = " .$db->quote($type). $add." WHERE id = ".$db->quote($id));
- }
- else
- {
+ $result = $db->query("UPDATE domains SET type = " . $db->quote($type) . $add . " WHERE id = ".$db->quote($id));
+ } else {
error(sprintf(ERR_INV_ARG, "change_domain_type", "no or no valid zoneid given"));
}
}
-function change_domain_slave_master($id, $slave_master)
-{
+function change_zone_slave_master($zone_id, $ip_slave_master) {
global $db;
- if (is_numeric($id))
- {
- if (is_valid_ip($slave_master) || is_valid_ip6($slave_master))
- {
- $result = $db->query("UPDATE domains SET master = " .$db->quote($slave_master). " WHERE id = ".$db->quote($id));
+ if (is_numeric($zone_id)) {
+ if (is_valid_ip($ip_slave_master) || is_valid_ip6($ip_slave_master)) {
+ $result = $db->query("UPDATE domains SET master = " .$db->quote($ip_slave_master). " WHERE id = ".$db->quote($zone_id));
+ } else {
+ error(sprintf(ERR_INV_ARGC, "change_domain_ip_slave_master", "This is not a valid IPv4 or IPv6 address: $ip_slave_master"));
}
- else
- {
- error(sprintf(ERR_INV_ARGC, "change_domain_slave_master", "This is not a valid IPv4 or IPv6 address: $slave_master"));
- }
- }
- else
- {
+ } else {
error(sprintf(ERR_INV_ARG, "change_domain_type", "no or no valid zoneid given"));
}
}
-function validate_account($account)
-{
-
- if(preg_match("/^[A-Z0-9._-]+$/i",$account))
- {
+function validate_account($account) {
+ if(preg_match("/^[A-Z0-9._-]+$/i",$account)) {
return true;
- }
- else
- {
+ } else {
return false;
}
}
+
+
?>
diff -r c72d6d51f3d3 -r c255196bc447 inc/toolkit.inc.php
--- a/inc/toolkit.inc.php Wed Mar 12 20:45:56 2008 +0000
+++ b/inc/toolkit.inc.php Tue Mar 25 22:45:31 2008 +0000
@@ -22,7 +22,6 @@
session_start();
-
if(!@include_once("config.inc.php"))
{
error( _('You have to create a config.inc.php!') );
@@ -79,6 +78,9 @@
require_once("dns.inc.php");
require_once("record.inc.php");
+$db = dbConnect();
+doAuthenticate();
+
/*************
* Functions *
@@ -92,7 +94,7 @@
{
if ($amount > $rowamount) {
if (!isset($_GET["start"])) $_GET["start"]=1;
- echo _('Show page') . "
";
+ echo _('Show page') . ":
";
for ($i=1;$i<=ceil($amount / $rowamount);$i++) {
if ($_GET["start"] == $i) {
echo "[
".$i." ] ";
@@ -111,7 +113,7 @@
function show_letters($letterstart,$userid=true)
{
- echo _('Show zones beginning with:') . "
";
+ echo _('Show zones beginning with') . ":
";
$letter = "[[:digit:]]";
if ($letterstart == "1")
@@ -148,68 +150,42 @@
{
global $db;
global $sql_regexp;
- $sqlq = "SELECT domains.id AS domain_id,
- zones.owner,
- records.id,
- domains.name AS domainname
- FROM domains
- LEFT JOIN zones ON domains.id=zones.domain_id
- LEFT JOIN records ON records.domain_id=domains.id
- WHERE 1=1";
- if((!level(5) || !$userid) && !level(10) && !level(5))
- {
- // First select the zones for which we have ownership on one or more records.
- $query = 'SELECT records.domain_id FROM records, record_owners WHERE user_id = '.$db->quote($_SESSION['userid']).' AND records.id = record_owners.record_id';
- $result = $db->query($query);
- $zones = array();
- if (!PEAR::isError($result)) {
- $zones = $result->fetchCol();
- }
-
- $sqlq .= " AND (zones.owner=".$db->quote($_SESSION["userid"]);
- if (count($zones) > 0) {
- $sqlq .= ' OR zones.domain_id IN ('.implode(',', $zones).') ';
-
- }
- $sqlq .= ')';
- }
- $sqlq .= " AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter);
- $db->setLimit(1);
- $result = $db->query($sqlq);
+ $query = "SELECT
+ domains.id AS domain_id,
+ zones.owner,
+ records.id,
+ domains.name AS domainname
+ FROM domains
+ LEFT JOIN zones ON domains.id=zones.domain_id
+ LEFT JOIN records ON records.domain_id=domains.id
+ AND substring(domains.name,1,1) ".$sql_regexp." ".$db->quote("^".$letter);
+ $db->setLimit(1);
+ $result = $db->query($query);
$numrows = $result->numRows();
- if ( $numrows == "1" )
- {
+ if ( $numrows == "1" ) {
return 1;
- }
- else
- {
+ } else {
return 0;
}
}
-/*
- * Print a nice useraimed error.
- */
-function error($msg)
-{
- // General function for printing critical errors.
- if ($msg)
- {
- include_once("header.inc.php");
- ?>
-
-
- Error: " . $msg . "
" . _('An unknown error has occurred.') . "
" . $msg . "
" . _('Something has been successfully performed. What exactly, however, will remain a mystery.') . "
\n";
+ }
+}
+
+
/*
* Something has been done nicely, display a message and a back button.
*/
@@ -268,47 +244,6 @@
}
}
-function level($l)
-{
- if ($_SESSION["level"] >= $l)
- {
- return 1;
- }
- else
- {
- return 0;
- }
-}
-
-function xs($zoneid)
-{
- global $db;
- if (is_numeric($zoneid) && is_numeric($_SESSION["level"]))
- {
- $result = $db->query("SELECT id FROM zones WHERE owner=".$db->quote($_SESSION["userid"])." AND domain_id=".$db->quote($zoneid));
- $db->setLimit(1);
- $result_extra = $db->query("SELECT record_owners.id FROM record_owners,records WHERE record_owners.user_id=".$db->quote($_SESSION["userid"])." AND records.domain_id = ".$db->quote($zoneid)." AND records.id = record_owners.record_id");
-
- if ($result->numRows() == 1 || $_SESSION["level"] >= 5)
- {
- $_SESSION[$zoneid."_ispartial"] = 0;
- return true;
- }
- elseif ($result_extra->numRows() == 1)
- {
- $_SESSION[$zoneid."_ispartial"] = 1;
- return true;
- }
- else
- {
- return false;
- }
- }
- else
- {
- return false;
- }
-}
function get_status($res)
{
@@ -344,4 +279,20 @@
}
return true;
}
+
+
+function v_num($string) {
+ if (!eregi("^[0-9]+$", $string)) {
+ return false ;
+ } else {
+ return true ;
+ }
+}
+
+function debug_r($array) {
+ echo "
\n";
+}
+
?>
diff -r c72d6d51f3d3 -r c255196bc447 inc/users.inc.php
--- a/inc/users.inc.php Wed Mar 12 20:45:56 2008 +0000
+++ b/inc/users.inc.php Tue Mar 25 22:45:31 2008 +0000
@@ -21,6 +21,77 @@
require_once("inc/toolkit.inc.php");
+
+/*
+ * Function to see if user has right to do something. It will check if
+ * user has "ueberuser" bit set. If it isn't, it will check if the user has
+ * the specific permission. It returns "false" if the user doesn't have the
+ * right, and "true" if the user has.
+ */
+
+function verify_permission($permission) {
+
+ global $db;
+
+ if ((!isset($_SESSION['userid'])) || (!is_object($db))) {
+ return 0;
+ }
+
+ // Set current user ID.
+ $userid=$_SESSION['userid'];
+
+ // Find the template ID that this user has been assigned.
+ $query = "SELECT perm_templ
+ FROM users
+ WHERE id = " . $db->quote($userid) ;
+ $templ_id = $db->queryOne($query);
+
+ // Does this user have ueberuser rights?
+ $query = "SELECT id
+ FROM perm_templ_items
+ WHERE templ_id = " . $db->quote($templ_id) . "
+ AND perm_id = '53'";
+ $result = $db->query($query);
+ if ( $result->numRows() > 0 ) {
+ return 1;
+ }
+
+ // Find the permission ID for the requested permission.
+ $query = "SELECT id
+ FROM perm_items
+ WHERE name = " . $db->quote($permission) ;
+ $perm_id = $db->queryOne($query);
+
+ // Check if the permission ID is assigned to the template ID.
+ $query = "SELECT id
+ FROM perm_templ_items
+ WHERE templ_id = " . $db->quote($templ_id) . "
+ AND perm_id = " . $db->quote($perm_id) ;
+ $result = $db->query($query);
+ if ( $result->numRows() > 0 ) {
+ return 1;
+ } else {
+ return 0;
+ }
+}
+
+function list_permission_templates() {
+ global $db;
+ $query = "SELECT * FROM perm_templ";
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ $template_list = array();
+ while ($template= $result->fetchRow()) {
+ $tempate_list[] = array(
+ "id" => $template['id'],
+ "name" => $template['name'],
+ "descr" => $template['descr']
+ );
+ }
+ return $tempate_list;
+}
+
/*
* Retrieve all users.
* Its to show_users therefore the odd name. Has to be changed.
@@ -42,8 +113,8 @@
users.fullname AS fullname,
users.email AS email,
users.description AS description,
- users.level AS level,
users.active AS active,
+ users.perm_templ AS perm_templ,
count(zones.owner) AS aantal FROM users
LEFT JOIN zones ON users.id=zones.owner$add
GROUP BY
@@ -52,7 +123,7 @@
users.fullname,
users.email,
users.description,
- users.level,
+ users.perm_templ,
users.active
ORDER BY
users.fullname";
@@ -102,33 +173,6 @@
/*
- * Gives a textdescribed value of the given levelid
- * return values: the text associated with the level
- */
-function leveldescription($id)
-{
- switch($id)
- {
- case 1:
- global $NAME_LEVEL_1;
- return $NAME_LEVEL_1;
- break;
- case 5:
- global $NAME_LEVEL_5;
- return $NAME_LEVEL_5;
- break;
- case 10:
- global $NAME_LEVEL_10;
- return $NAME_LEVEL_10;
- break;
- default:
- return "Unknown";
- break;
- }
-}
-
-
-/*
* Checks if a given username exists in the database.
* return values: true if exists, false if not.
*/
@@ -151,79 +195,39 @@
}
-/*
- * Get all user info for the given user in an array.
- * return values: the database style array with the information about the user.
- */
-function get_user_info($id)
-{
- global $db;
- if (is_numeric($id))
- {
- $result = $db->query("SELECT id, username, fullname, email, description, level, active from users where id=".$db->quote($id));
- $r = $result->fetchRow();
- return $r;
- }
- else
- {
- error(sprintf(ERR_INV_ARGC,"get_user_info", "you gave illegal arguments: $id"));
- }
-}
-
/*
* Delete a user from the system
* return values: true if user doesnt exist.
*/
-function delete_user($id)
+function delete_user($uid,$zones)
{
global $db;
- if (!level(10))
- {
- error(ERR_LEVEL_10);
- }
- if (is_numeric($id))
- {
- $db->query("DELETE FROM users WHERE id=".$db->quote($id));
- $db->query("DELETE FROM zones WHERE owner=".$db->quote($id));
- return true;
- // No need to check the affected rows. If the affected rows would be 0,
- // the user isnt in the dbase, just as we want.
- }
- else
- {
- error(ERR_INV_ARG);
- }
-}
+ if (($uid != $_SESSION['userid'] && !verify_permission(user_edit_others)) || ($uid == $_SESSION['userid'] && !verify_permission(user_edit_own))) {
+ error(ERR_PERM_DEL_USER);
+ return false;
+ } else {
-/*
- * Adds a user to the system.
- * return values: true if succesfully added.
- */
-function add_user($user, $password, $fullname, $email, $level, $description, $active)
-{
- global $db;
- if (!level(10))
- {
- error(ERR_LEVEL_10);
+ if (is_array($zones)) {
+ foreach ($zones as $zone) {
+ if ($zone['target'] == "delete") {
+ delete_domain($zone['zid']);
+ } elseif ($zone['target'] == "new_owner") {
+ add_owner_to_zone($zone['zid'], $zone['newowner']);
+ }
+ }
+ }
+
+ $query = "DELETE FROM zones WHERE owner = " . $db->quote($uid) ;
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ $query = "DELETE FROM users WHERE id = " . $db->quote($uid) ;
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
}
- if (!user_exists($user))
- {
- if (!is_valid_email($email))
- {
- error(ERR_INV_EMAIL);
- }
- if ($active != 1) {
- $active = 0;
- }
- $db->query("INSERT INTO users (username, password, fullname, email, description, level, active) VALUES (".$db->quote($user).", '" . md5($password) . "', ".$db->quote($fullname).", ".$db->quote($email).", ".$db->quote($description).", ".$db->quote($level).", ".$db->quote($active).")");
- return true;
- }
- else
- {
- error(ERR_USER_EXISTS);
- }
+ return true;
}
@@ -231,57 +235,81 @@
* Edit the information of an user.. sloppy implementation with too many queries.. (2) :)
* return values: true if succesful
*/
-function edit_user($id, $user, $fullname, $email, $level, $description, $active, $password)
+function edit_user($id, $user, $fullname, $email, $perm_templ, $description, $active, $password)
{
global $db;
- if(!level(10)) {
- error(ERR_LEVEL_10);
- }
+
+ verify_permission(user_edit_own) ? $perm_edit_own = "1" : $perm_edit_own = "0" ;
+ verify_permission(user_edit_others) ? $perm_edit_others = "1" : $perm_edit_others = "0" ;
+
+ if (($id == $_SESSION["userid"] && $perm_edit_own == "1") || ($id != $_SESSION["userid"] && $perm_edit_others == "1" )) {
+
+ if (!is_valid_email($email)) {
+ error(ERR_INV_EMAIL);
+ return false;
+ }
- if (!is_valid_email($email))
- {
- error(ERR_INV_EMAIL);
- }
- if ($active != 1) {
- $active = 0;
- }
- $sqlquery = "UPDATE users set username=".$db->quote($user).", fullname=".$db->quote($fullname).", email=".$db->quote($email).", level=".$db->quote($level).", description=".$db->quote($description).", active=".$db->quote($active);
+ if ($active != 1) {
+ $active = 0;
+ }
+
+ // Before updating the database we need to check whether the user wants to
+ // change the username. If the user wants to change the username, we need
+ // to make sure it doesn't already exists.
+ //
+ // First find the current username of the user ID we want to change. If the
+ // current username is not the same as the username that was given by the
+ // user, the username should apparantly changed. If so, check if the "new"
+ // username already exists.
- if($password != "")
- {
- $sqlquery .= ", password= '" . md5($password) . "' ";
- }
+ $query = "SELECT username FROM users WHERE id = " . $db->quote($id);
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
- $sqlquery .= " WHERE id=".$db->quote($id) ;
+ $usercheck = array();
+ $usercheck = $result->fetchRow();
- // Search the username that right now goes with this ID.
- $result = $db->query("SELECT username from users where id=".$db->quote($id));
- $r = array();
- $r = $result->fetchRow();
+ if ($usercheck['username'] != $user) {
+
+ // Username of user ID in the database is different from the name
+ // we have been given. User wants a change of username. Now, make
+ // sure it doesn't already exist.
+
+ $query = "SELECT id FROM users WHERE username = " . $db->query($user);
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
- // If the found username with this ID is the given username with the command.. execute.
+ if($result->numRows() > 0) {
+ error(ERR_USER_EXIST);
+ return false;
+ }
+ }
- if($r["username"] == $user)
- {
- $db->query($sqlquery);
- return true;
- }
+ // So, user doesn't want to change username or, if he wants, there is not
+ // another user that goes by the wanted username. So, go ahead!
- // Its not.. so the user wants to change.
- // Find if there is an id that has the wished username.
- $otheruser = $db->query("SELECT id from users where username=".$db->query($user));
- if($otheruser->numRows() > 0)
- {
- error(ERR_USER_EXIST);
- }
+ $query = "UPDATE users SET
+ username = " . $db->quote($user) . ",
+ fullname = " . $db->quote($fullname) . ",
+ email = " . $db->quote($email) . ",
+ perm_templ = " . $db->quote($perm_templ) . ",
+ description = " . $db->quote($description) . ",
+ active = " . $db->quote($active) ;
- // Its fine it seems.. :)
- // Lets execute it.
- else
- {
- $db->query($sqlquery);
- return true;
+ if($password != "") {
+ $query .= ", password = " . $db->quote(md5($password)) ;
+ }
+
+ $query .= " WHERE id = " . $db->quote($id) ;
+
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ } else {
+ error(ERR_PERM_EDIT_USER);
+ return false;
}
+ return true;
}
/*
@@ -289,32 +317,29 @@
* The user is automatically logged out after the pass change.
* return values: none.
*/
-function change_user_pass($currentpass, $newpass, $newpass2)
-{
+function change_user_pass($details) {
global $db;
-
- // Check if the passwords are equal.
- if($newpass != $newpass2)
- {
+
+ if ($details['newpass'] != $details['newpass2']) {
error(ERR_USER_MATCH_NEW_PASS);
+ return false;
}
- // Retrieve the users password.
- $result = $db->query("SELECT password, id FROM users WHERE username=".$db->quote($_SESSION["userlogin"]));
+ $query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"]);
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
$rinfo = $result->fetchRow();
- // Check the current password versus the database password and execute the update.
- if(md5($currentpass) == $rinfo["password"])
- {
- $sqlquery = "update users set password='" . md5($newpass) . "' where id='" . $rinfo["id"] . "'";
- $db->query($sqlquery);
+ if(md5($details['currentpass']) == $rinfo['password']) {
+ $query = "UPDATE users SET password = " . $db->quote(md5($details['newpass'])) . " WHERE id = " . $db->quote($rinfo['id']) ;
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
- // Logout the user.
- logout("Pass changed please re-login");
- }
- else
- {
+ logout( _('Password has been changed, please login.'));
+ } else {
error(ERR_USER_WRONG_CURRENT_PASS);
+ return false;
}
}
@@ -323,18 +348,15 @@
* Get a fullname when you have a userid.
* return values: gives the fullname from a userid.
*/
-function get_fullname_from_userid($id)
-{
+function get_fullname_from_userid($id) {
global $db;
- if (is_numeric($id))
- {
+ if (is_numeric($id)) {
$result = $db->query("SELECT fullname FROM users WHERE id=".$db->quote($id));
$r = $result->fetchRow();
return $r["fullname"];
- }
- else
- {
+ } else {
error(ERR_INV_ARG);
+ return false;
}
}
@@ -369,7 +391,7 @@
* @param $id integer the id of the domain
* @return String the list of owners for this domain
*/
-function get_owners_from_domainid($id) {
+function get_fullnames_owners_from_domainid($id) {
global $db;
if (is_numeric($id))
@@ -392,4 +414,311 @@
error(ERR_INV_ARG);
}
+
+
+function verify_user_is_owner_zoneid($zoneid) {
+ global $db;
+
+ $userid=$_SESSION["userid"];
+
+ if (is_numeric($zoneid)) {
+ $result = $db->query("SELECT zones.id
+ FROM zones
+ WHERE zones.owner = " . $db->quote($userid) . "
+ AND zones.domain_id = ". $db->quote($zoneid)) ;
+ if ($result->numRows() == 0) {
+ return "0";
+ } else {
+ return "1";
+ }
+ }
+ error(ERR_INV_ARG);
+}
+
+
+function get_user_detail_list($specific) {
+
+ global $db;
+ $userid=$_SESSION['userid'];
+
+
+ if (v_num($specific)) {
+ $sql_add = "AND users.id = " . $db->quote($specific) ;
+ } else {
+ if (verify_permission(user_view_others)) {
+ $sql_add = "";
+ } else {
+ $sql_add = "AND users.id = " . $db->quote($userid) ;
+ }
+ }
+
+ $query = "SELECT users.id AS uid,
+ username,
+ fullname,
+ email,
+ description AS descr,
+ active,
+ perm_templ.id AS tpl_id,
+ perm_templ.name AS tpl_name,
+ perm_templ.descr AS tpl_descr
+ FROM users, perm_templ
+ WHERE users.perm_templ = perm_templ.id "
+ . $sql_add . "
+ ORDER BY username";
+
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ while ($user = $result->fetchRow()) {
+ $userlist[] = array(
+ "uid" => $user['uid'],
+ "username" => $user['username'],
+ "fullname" => $user['fullname'],
+ "email" => $user['email'],
+ "descr" => $user['descr'],
+ "active" => $user['active'],
+ "tpl_id" => $user['tpl_id'],
+ "tpl_name" => $user['tpl_name'],
+ "tpl_descr" => $user['tpl_descr']
+ );
+ }
+ return $userlist;
+}
+
+
+// Get a list of permissions that are available. If first argument is "0", it
+// should return all available permissions. If the first argument is > "0", it
+// should return the permissions assigned to that particular template only. If
+// second argument is true, only the permission names are returned.
+
+function get_permissions_by_template_id($templ_id=0,$return_name_only=false) {
+ global $db;
+
+ if ($templ_id > 0) {
+ $limit = ", perm_templ_items
+ WHERE perm_templ_items.templ_id = " . $db->quote($templ_id) . "
+ AND perm_templ_items.perm_id = perm_items.id";
+ }
+
+ $query = "SELECT perm_items.id AS id,
+ perm_items.name AS name,
+ perm_items.descr AS descr
+ FROM perm_items"
+ . $limit . "
+ ORDER BY descr";
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ $permission_list = array();
+ while ($permission = $result->fetchRow()) {
+ if ($return_name_only == false) {
+ $permission_list[] = array(
+ "id" => $permission['id'],
+ "name" => $permission['name'],
+ "descr" => $permission['descr']
+ );
+ } else {
+ $permission_list[] = $permission['name'];
+ }
+ }
+ return $permission_list;
+}
+
+
+// Get name and description of template based on template ID.
+
+function get_permission_template_details($templ_id) {
+ global $db;
+
+ $query = "SELECT *
+ FROM perm_templ
+ WHERE perm_templ.id = " . $db->quote($templ_id);
+
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ while($details = $result->fetchRow()) {
+ $detail_list[] = array (
+ "name" => $details['name'],
+ "descr" => $details['descr']
+ );
+ }
+ return $detail_list;
+}
+
+
+// Get a list of all available permission templates.
+
+function get_list_permission_templates() {
+ global $db;
+
+ $query = "SELECT * FROM perm_templ";
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ $perm_templ_list = array();
+ while ($perm_templ = $result->fetchRow()) {
+ $perm_templ_list[] = array(
+ "id" => $perm_templ['id'],
+ "name" => $perm_templ['name'],
+ "descr" => $perm_templ['descr']
+ );
+ }
+ return $perm_templ_list;
+}
+
+
+// Update all details of a permission template.
+
+function update_perm_templ_details($details) {
+ global $db;
+
+ // Fix permission template name and description first.
+
+ $query = "UPDATE perm_templ
+ SET name = " . $db->quote($details['templ_name']) . ",
+ descr = " . $db->quote($details['templ_descr']) . "
+ WHERE id = " . $db->quote($details['templ_id']) ;
+
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ // Now, update list of permissions assigned to this template. We could do
+ // this The Correct Way [tm] by comparing the list of permissions that are
+ // currently assigned with a list of permissions that should be assigned and
+ // apply the difference between these two lists to the database. That sounds
+ // like to much work. Just delete all the permissions currently assigned to
+ // the template, than assign all the permessions the template should have.
+
+ $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $details['templ_id'] ;
+ $result = $db->query($query);
+ if (pear::iserror($response)) { error($response->getmessage()); return false; }
+
+ foreach ($details['perm_id'] AS $perm_id) {
+ $r_insert_values[] = "(''," . $db->quote($details['templ_id']) . "," . $db->quote($perm_id) . ")";
+ }
+ $query = "INSERT INTO perm_templ_items VALUES " . implode(',', $r_insert_values) ;
+ $result = $db->query($query);
+ if (pear::iserror($response)) { error($response->getmessage()); return false; }
+
+ return true;
+}
+
+function update_user_details($details) {
+
+ global $db;
+
+ verify_permission(user_edit_own) ? $perm_edit_own = "1" : $perm_edit_own = "0" ;
+ verify_permission(user_edit_others) ? $perm_edit_others = "1" : $perm_edit_others = "0" ;
+
+ if (($details['uid'] == $_SESSION["userid"] && $perm_edit_own == "1") ||
+ ($details['uid'] != $_SESSION["userid"] && $perm_edit_others == "1" )) {
+
+ if (!is_valid_email($details['email'])) {
+ error(ERR_INV_EMAIL);
+ return false;
+ }
+
+ if (!isset($details['active']) || $details['active'] != "on" ) {
+ $active = 0;
+ } else {
+ $active = 1;
+ }
+
+ // Before updating the database we need to check whether the user wants to
+ // change the username. If the user wants to change the username, we need
+ // to make sure it doesn't already exists.
+ //
+ // First find the current username of the user ID we want to change. If the
+ // current username is not the same as the username that was given by the
+ // user, the username should apparantly changed. If so, check if the "new"
+ // username already exists.
+ $query = "SELECT username FROM users WHERE id = " . $db->quote($details['uid']);
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ $usercheck = array();
+ $usercheck = $result->fetchRow();
+
+ if ($usercheck['username'] != $details['username']) {
+ // Username of user ID in the database is different from the name
+ // we have been given. User wants a change of username. Now, make
+ // sure it doesn't already exist.
+ $query = "SELECT id FROM users WHERE username = " . $db->quote($details['username']);
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ if($result->numRows() > 0) {
+ error(ERR_USER_EXIST);
+ return false;
+ }
+ }
+
+ // So, user doesn't want to change username or, if he wants, there is not
+ // another user that goes by the wanted username. So, go ahead!
+
+ $query = "UPDATE users SET
+ username = " . $db->quote($details['username']) . ",
+ fullname = " . $db->quote($details['fullname']) . ",
+ email = " . $db->quote($details['email']) . ",
+ perm_templ = " . $db->quote($details['templ_id']) . ",
+ description = " . $db->quote($details['descr']) . ",
+ active = " . $db->quote($active) ;
+
+ // TODO Check if function works if password is set too.
+ if($details['password'] != "") {
+ $query .= ", password = '" . md5($db->quote($details['password'])) . "' ";
+ }
+
+ $query .= " WHERE id = " . $db->quote($details['uid']) ;
+
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ } else {
+ error(ERR_PERM_EDIT_USER);
+ return false;
+ }
+ return true;
+}
+
+// Add a new user
+
+function add_new_user($details) {
+ global $db;
+
+ if (!verify_permission(user_add_new)) {
+ error(ERR_PERM_ADD_USER);
+
+ } elseif (user_exists($details['username'])) {
+ error(ERR_USER_EXISTS);
+
+ } elseif (!is_valid_email($details['email'])) {
+ error(ERR_INV_EMAIL);
+
+ } elseif ($details['active'] == 1) {
+ $active = 1;
+ } else {
+ $active = 0;
+ }
+
+ $query = "INSERT INTO users VALUES ( "
+ . "'', "
+ . $db->quote($details['username']) . ", "
+ . $db->quote(md5($details['password'])) . ", "
+ . $db->quote($details['fullname']) . ", "
+ . $db->quote($details['email']) . ", "
+ . $db->quote($details['descr']) . ", "
+ . $db->quote($details['perm_templ']) . ", "
+ . $db->quote($active)
+ . ")";
+
+ $result = $db->query($query);
+ if (PEAR::isError($response)) { error($response->getMessage()); return false; }
+
+ return true;
+}
+
+
+
?>
diff -r c72d6d51f3d3 -r c255196bc447 index.php
--- a/index.php Wed Mar 12 20:45:56 2008 +0000
+++ b/index.php Tue Mar 25 22:45:31 2008 +0000
@@ -22,34 +22,41 @@
//session_start();
require_once("inc/toolkit.inc.php");
include_once("inc/header.inc.php");
-?>
-
\n";
-
diff -r c72d6d51f3d3 -r c255196bc447 install.php
--- a/install.php Wed Mar 12 20:45:56 2008 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,225 +0,0 @@
- for more details.
- *
- * Copyright 2007, 2008 Rejo Zenger