From: Neil S. <sir...@us...> - 2003-06-13 13:29:16
|
CVSROOT : /cvsroot/publicdnsadmin Module : publicdnsadmin Commit time: 2003-06-13 13:29:10 UTC Modified files: create_record.php create_template_record.php edit_record.php edit_zone.php index.php new_record.php update_record.php update_template_record.php lib/footer.php lib/header.php lib/permission.inc.php lib/records.inc.php lib/zones.inc.php Log message: Author: SiRVu|caN Log message: Allow the use of $DOMAIN in content field of template records. Users with granted access of other domains can now create/edit records in them. ---------------------- diff included ----------------------
Index: publicdnsadmin/create_record.php
diff -u publicdnsadmin/create_record.php:1.1.1.1 publicdnsadmin/create_record.php:1.2
--- publicdnsadmin/create_record.php:1.1.1.1 Wed Apr 16 00:19:03 2003
+++ publicdnsadmin/create_record.php Fri Jun 13 06:28:57 2003
@@ -26,7 +26,7 @@
 if (!$dbh->isError($result) && $result->numRows()) {
 $row = $result->fetchRow();
- if ($perms["edit_other"] or ($perms["edit_own"] and $row["user_id"] == $_SESSION["_UID"])) {
+ if ($perms["edit_other"] or userHasZoneAccess($_SESSION["_UID"], $zoneid) or ($perms["edit_own"] and $row["user_id"] == $_SESSION["_UID"])) {
 global $default_ttl;
 $record = trim(addslashes($_POST["record"]));
Index: publicdnsadmin/create_template_record.php
diff -u publicdnsadmin/create_template_record.php:1.2 publicdnsadmin/create_template_record.php:1.3
--- publicdnsadmin/create_template_record.php:1.2 Fri May 23 21:33:14 2003
+++ publicdnsadmin/create_template_record.php Fri Jun 13 06:28:57 2003
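Review bot: In create_record.php the added `userHasZoneAccess($_SESSION["_UID"], $zoneid)` disjunct is not gated by any permission flag, so a user listed in `domain_owners` for the zone now passes even when `$perms["edit_own"]` is off. `userHasZoneAccess()` (added in lib/permission.inc.php) reads the same `domain_owners` table that the existing `$row["user_id"] == $_SESSION["_UID"]` test is joined from, which leaves the `edit_own` branch with no effect for owners. If switching off `edit_own` is meant to make a user read-only, tie the new check to that flag, e.g. `($perms["edit_own"] and userHasZoneAccess($_SESSION["_UID"], $zoneid))`. The same condition is repeated in edit_record.php, edit_zone.php, new_record.php and update_record.php, so one shared helper (a new function, not something the commit defines) would keep the five copies from drifting apart. The enclosing block continues outside the hunk.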
@@ -51,7 +51,7 @@ $ttl = $default_ttl; } - if (!validateRecordContent($type, $content, true)) { + if (!validateTemRecordContent($type, $content, true)) { echo "<p class=\"error\">· Invalid content for pointer type</p>\n"; } elseif (!validateRecordData($type, $record, true)) { echo "<p class=\"error\">· Invalid record data for pointer type</p>\n"; Index: publicdnsadmin/edit_record.php diff -u publicdnsadmin/edit_record.php:1.1.1.1 publicdnsadmin/edit_record.php:1.2 --- publicdnsadmin/edit_record.php:1.1.1.1 Wed Apr 16 00:19:04 2003 +++ publicdnsadmin/edit_record.php Fri Jun 13 06:28:58 2003 @@ -16,6 +16,7 @@ $perms = getUserPermissions($_SESSION["_UID"]); $recordid = trim(addslashes($_GET["id"])); + $zoneid = getZoneFromRecord($recordid); ?> <h3>Edit domain » edit record</h3> @@ -24,9 +25,8 @@ $dbh = db_connect(); $result = $dbh->query("SELECT records.*, domain_owners.user_id, domains.name AS domain_name FROM domains, domain_owners, records WHERE records.id = '$recordid' AND domain_owners.domain_id = records.domain_id AND domains.id = domain_owners.domain_id AND records.type <> 'SOA'"); if (!$dbh->isError($result) && $result->numRows()) { - $row = $result->fetchRow(); - if ($perms["edit_other"] or ($perms["edit_own"] and $row["user_id"] == $_SESSION["_UID"])) { + if ($perms["edit_other"] or userHasZoneAccess($_SESSION["_UID"], $zoneid) or ($perms["edit_own"] and $row["user_id"] == $_SESSION["_UID"])) { $preg_dom = preg_quote($row["domain_name"], "/"); $record_name = preg_replace("/^(.*)$preg_dom$/", '\1', $row["name"]); Index: publicdnsadmin/edit_zone.php diff -u publicdnsadmin/edit_zone.php:1.1.1.1 publicdnsadmin/edit_zone.php:1.2 --- publicdnsadmin/edit_zone.php:1.1.1.1 Wed Apr 16 00:19:04 2003 +++ publicdnsadmin/edit_zone.php Fri Jun 13 06:28:58 2003 
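Review bot: In edit_record.php (hunk `@@ -24,9 +25,8 @@`) the change reads as deleting `$row = $result->fetchRow();`, while the new condition and the lines after it still use `$row["user_id"]`, `$row["domain_name"]` and `$row["name"]`. If that statement is really gone, the `edit_own` ownership comparison runs against an unset `$row` and the form is built from empty values; the matching hunks in create_record.php and update_record.php keep the fetch as context. The archived layout leaves some doubt whether the `-` marks that statement or a neighbouring blank line, so check revision 1.2 and restore `$row = $result->fetchRow();` ahead of the permission test if it is missing.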
@@ -31,7 +31,7 @@
 if (!$dbh->isError($result) && $result->numRows()) {
 $row = $result->fetchRow();
- if ($perms["edit_other"] or ($perms["edit_own"] and $row["user_id"] == $_SESSION["_UID"])) {
+ if ($perms["edit_other"] or userHasZoneAccess($_SESSION["_UID"], $zoneid) or ($perms["edit_own"] and $row["user_id"] == $_SESSION["_UID"])) {
 $records = getRecords($zoneid);
 echo "<p>· <a href=\"new_record.php?zone=$zoneid\">New record</a></p>\n";
@@ -49,11 +49,19 @@
 echo "<tr>\n";
 if (htmlentities($record["type"]) != "PTR") {
- echo "<td class=\"row$row_id\">".htmlentities($record["name"])."</td>\n";
+ if ($record["type"] != "SOA") {
+ echo "<td class=\"row$row_id\"><a href=\"edit_record.php?id=".$record["id"]."\">".htmlentities($record["name"])."</a></td>\n";
+ } else {
+ echo "<td class=\"row$row_id\">".htmlentities($record["name"])."</td>\n";
+ }
 } else {
- $expaddy = explode(".", htmlentities($record["name"]));
 $dispaddy = $expaddy[3].".".$expaddy[2].".".$expaddy[1].".".$expaddy[0];
- echo "<td class=\"row$row_id\">".$dispaddy."</td>\n";
+ $expaddy = explode(".", htmlentities($record["name"]));
+ if ($record["type"] != "SOA") {
+ echo "<td class=\"row$row_id\"><a href=\"edit_record.php?id=".$record["id"]."\">".$dispaddy."</a></td>\n";
+ } else {
+ echo "<td class=\"row$row_id\">".$dispaddy."</td>\n";
+ }
 }
 echo "<td class=\"row$row_id\" align=\"center\">".htmlentities($record["type"])."</td>\n";
 echo "<td class=\"row$row_id\">".htmlentities($record["content"])."</td>\n";
Index: publicdnsadmin/index.php
diff -u publicdnsadmin/index.php:1.1.1.1 publicdnsadmin/index.php:1.2
--- publicdnsadmin/index.php:1.1.1.1 Wed Apr 16 00:19:05 2003
+++ publicdnsadmin/index.php Fri Jun 13 06:28:58 2003
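Review bot: In the PTR branch of edit_zone.php (hunk `@@ -49,11 +49,19 @@`) the `$dispaddy = $expaddy[3]...` assignment stays as a context line while `$expaddy = explode(".", htmlentities($record["name"]));` is removed above it and re-added below it, so the reversed address is now assembled before `$expaddy` is set for the current record. Each PTR row would then show the previous record's octets, or nothing for the first one. Move the `explode()` call back above the `$dispaddy` assignment. Separately, the new links print `$record["id"]` unescaped while the other cells go through `htmlentities()`; `htmlentities($record["id"])` would keep the output handling consistent. The surrounding loop starts and ends outside the hunk.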
@@ -101,9 +101,6 @@ </tr> </table> </form> -<br> -<b>This System Is BETA, Report Any Errors To <a href="mailto:vu...@li...">vu...@li...</a></b> -<br> <?php } Index: publicdnsadmin/lib/footer.php diff -u publicdnsadmin/lib/footer.php:1.1.1.1 publicdnsadmin/lib/footer.php:1.2 --- publicdnsadmin/lib/footer.php:1.1.1.1 Wed Apr 16 00:19:07 2003 +++ publicdnsadmin/lib/footer.php Fri Jun 13 06:28:59 2003 @@ -7,12 +7,11 @@ Distributed under the GPL license, see LICENSE for more information - $Id: footer.php,v 1.1.1.1 2003/04/16 07:19:07 sirvulcan Exp $ + $Id: footer.php,v 1.2 2003/06/13 13:28:59 sirvulcan Exp $ */ ?> -<center> -<a href="http://www.sourceforge.net/projects/publicdnsadmin/">Public DNS Administrator<a/> -</center> +<br> +Powered By <a href="http://www.sirvulcan.org/">Public DNS Administrator<a/> </td> </table> Index: publicdnsadmin/lib/header.php diff -u publicdnsadmin/lib/header.php:1.1.1.1 publicdnsadmin/lib/header.php:1.2 --- publicdnsadmin/lib/header.php:1.1.1.1 Wed Apr 16 00:19:07 2003 +++ publicdnsadmin/lib/header.php Fri Jun 13 06:29:00 2003 @@ -7,7 +7,7 @@ Distributed under the GPL license, see LICENSE for more information - $Id: header.php,v 1.1.1.1 2003/04/16 07:19:07 sirvulcan Exp $ + $Id: header.php,v 1.2 2003/06/13 13:29:00 sirvulcan Exp $ */ ?> @@ -21,8 +21,6 @@ </head> <body> -<img src="images/logo.gif"><br><br> - <table border="0" cellspacing="1" cellpadding="5" width="100%"> <tr> <td valign="top" class="menu" nowrap style="border-top: 1px solid #000000; border-left: 1px solid #000000; border-right: 1px solid #000000; border-bottom: 1px solid #000000;"> @@ -56,3 +54,4 @@ </td> <td> </td> <td valign="top" width="100%"> + <img src="images/logo.gif"><br> Index: publicdnsadmin/lib/permission.inc.php diff -u publicdnsadmin/lib/permission.inc.php:1.1.1.1 publicdnsadmin/lib/permission.inc.php:1.2 --- publicdnsadmin/lib/permission.inc.php:1.1.1.1 Wed Apr 16 00:19:07 2003 +++ publicdnsadmin/lib/permission.inc.php Fri Jun 13 06:29:00 2003 
@@ -7,7 +7,7 @@
 Distributed under the GPL license, see LICENSE for more information
- $Id: permission.inc.php,v 1.1.1.1 2003/04/16 07:19:07 sirvulcan Exp $
+ $Id: permission.inc.php,v 1.2 2003/06/13 13:29:00 sirvulcan Exp $
 */
 function displayNoAccess() {
@@ -30,6 +30,24 @@
 }
 }
+}
+
+function userHasZoneAccess($userid, $zoneid) {
+
+ $dbh = db_connect();
+ $result = $dbh->query("SELECT id FROM domains WHERE id = '$zoneid'");
+ if (!$dbh->isError($result) && $result->numRows()) {
+ $result = $dbh->query("SELECT id FROM users WHERE id = '$userid'");
+ if (!$dbh->isError($result) && $result->numRows()) {
+ $result = $dbh->query("SELECT domain_id, user_id FROM domain_owners WHERE domain_id = '$zoneid' AND user_id = '$userid'");
+ if (!$dbh->isError($result) && $result->numRows()) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ }
+ $dbh->disconnect();
 }
 function getUserPermissions($userid) {
Index: publicdnsadmin/lib/records.inc.php
diff -u publicdnsadmin/lib/records.inc.php:1.1.1.1 publicdnsadmin/lib/records.inc.php:1.2
--- publicdnsadmin/lib/records.inc.php:1.1.1.1 Wed Apr 16 00:19:08 2003
+++ publicdnsadmin/lib/records.inc.php Fri Jun 13 06:29:00 2003
@@ -7,7 +7,7 @@
 Distributed under the GPL license, see LICENSE for more information
- $Id: records.inc.php,v 1.1.1.1 2003/04/16 07:19:08 sirvulcan Exp $
+ $Id: records.inc.php,v 1.2 2003/06/13 13:29:00 sirvulcan Exp $
 */
 function getRecords($zoneid) {
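Review bot: `userHasZoneAccess()` in lib/permission.inc.php reaches `$dbh->disconnect()` only when the zone or user lookup finds nothing; both `return true` and `return false` leave with the connection still open, and the fall-through paths return nothing rather than `false`. For an access-control helper every path should yield an explicit boolean. The three statements also interpolate `$userid` and `$zoneid` into SQL with no escaping of their own, so the function depends on every caller having sanitised them. The sketch below records the answer and exits once; the integer casts assume ids are numeric, which nothing in this commit confirms.

```php
function userHasZoneAccess($userid, $zoneid) {

	// Assumes ids are integers - confirm against the schema.
	$userid = (int) $userid;
	$zoneid = (int) $zoneid;
	$access = false;

	$dbh = db_connect();
	// ... unchanged: nested lookups in domains and users ...
			$result = $dbh->query("SELECT domain_id, user_id FROM domain_owners WHERE domain_id = '$zoneid' AND user_id = '$userid'");
			// Record the answer instead of returning here, so the disconnect below always runs.
			$access = (!$dbh->isError($result) && $result->numRows() > 0);
	// ... unchanged: closing braces of the two lookups ...

	$dbh->disconnect();
	return $access;
}
```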
@@ -160,6 +160,57 @@
 return $ok;
+}
+
+function validateTemRecordContent($type, $content, $template = false) {
+
+ $ok = 1;
+
+ /* TODO: Better validation :) */
+ if ($type == "NS") {
+ if (!preg_match("/^[a-zA-Z0-9-_\.]+/", $content)) {
+ if ($template and preg_match("/\\\$DOMAIN/", $content)) {
+ $ok = 1;
+ } else {
+ $ok = 0;
+ }
+ }
+ } elseif ($type == "MX") {
+ if (!preg_match("/^[a-zA-Z0-9-_\.]+/", $content)) {
+ if ($template and preg_match("/\\\$DOMAIN/", $content)) {
+ $ok = 1;
+ } else {
+ $ok = 0;
+ }
+ }
+ } elseif ($type == "A") {
+ if (!preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/", $content)) {
+ $ok = 0;
+ }
+ } elseif ($type == "AAAA") {
+ if (!preg_match("/^[0-9a-f\:]+/", $content)) {
+ $ok = 0;
+ }
+ } elseif ($type == "PTR") {
+ if (!preg_match("/^[a-zA-Z0-9-_\.]+/", $content)) {
+ $ok = 0;
+ }
+ } elseif ($type == "CNAME") {
+ if (!preg_match("/^[a-zA-Z0-9-_\.]+/", $content)) {
+ if ($template and preg_match("/\\\$DOMAIN/", $content)) {
+ $ok = 1;
+ } else {
+ $ok = 0;
+ }
+ }
+ } elseif ($type == "TXT") {
+ if (!$content) {
+ $ok = 0;
+ }
+ }
+
+ return $ok;
+
 }
 function validateRecordData($type, $record, $template = false) {
Index: publicdnsadmin/lib/zones.inc.php
diff -u publicdnsadmin/lib/zones.inc.php:1.1.1.1 publicdnsadmin/lib/zones.inc.php:1.2
--- publicdnsadmin/lib/zones.inc.php:1.1.1.1 Wed Apr 16 00:19:08 2003
+++ publicdnsadmin/lib/zones.inc.php Fri Jun 13 06:29:00 2003
@@ -7,7 +7,7 @@
 Distributed under the GPL license, see LICENSE for more information
- $Id: zones.inc.php,v 1.1.1.1 2003/04/16 07:19:08 sirvulcan Exp $
+ $Id: zones.inc.php,v 1.2 2003/06/13 13:29:00 sirvulcan Exp $
 */
 function createZone($name, $template, $owner) {
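Review bot: The patterns in `validateTemRecordContent()` (lib/records.inc.php) are anchored only at the start, e.g. `"/^[a-zA-Z0-9-_\.]+/"`, so content passes once its first character is acceptable, whatever follows; the template fallback likewise accepts any string that merely contains `$DOMAIN`. Since this function gates what is stored as template record content, anchor both ends, for instance `'/^[a-zA-Z0-9_.-]+\z/'`, and in template mode validate the value after substituting a sample name for `$DOMAIN` instead of skipping the check. The NS, MX and CNAME branches are identical and could share one `in_array($type, array("NS", "MX", "CNAME"))` test. A header comment should state what `$template` changes, because the function otherwise looks like a copy of `validateRecordContent()`, whose body is outside this hunk.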
@@ -148,6 +148,46 @@
 }
 $dbh->disconnect();
+
+}
+
+function getZoneFromRecord($recid) {
+ $dbh = db_connect();
+ $result = $dbh->query("SELECT id, domain_id FROM records WHERE id = '$recid'");
+ if (!$dbh->isError($result) && $result->numRows()) {
+ $row = $result->fetchRow();
+ $zoneid = $row["domain_id"];
+ }
+
+ $dbh->disconnect();
+ return $zoneid;
+
+}
+
+function getZoneFromTemplateRecord($id) {
+ $dbh = db_connect();
+ $result = $dbh->query("SELECT id, template_id FROM template_records WHERE id = '$id'");
+ if (!$dbh->isError($result) && $result->numRows()) {
+ $row = $result->fetchRow();
+ $zoneid = $row["template_id"];
+ }
+
+ $dbh->disconnect();
+ return $zoneid;
+
+}
+
+
+function getZoneNameFromID($zoneid) {
+ $dbh = db_connect();
+ $result = $dbh->query("SELECT id, name FROM domains WHERE id = '$id'");
+ if (!$dbh->isError($result) && $result->numRows()) {
+ $row = $result->fetchRow();
+ $zonename = $row["name"];
+ }
+
+ $dbh->disconnect();
+ return $zonename;
 }
Index: publicdnsadmin/new_record.php
diff -u publicdnsadmin/new_record.php:1.1.1.1 publicdnsadmin/new_record.php:1.2
--- publicdnsadmin/new_record.php:1.1.1.1 Wed Apr 16 00:19:05 2003
+++ publicdnsadmin/new_record.php Fri Jun 13 06:28:58 2003
@@ -26,7 +26,7 @@
 if (!$dbh->isError($result) && $result->numRows()) {
 $row = $result->fetchRow();
- if ($perms["edit_other"] or ($perms["edit_own"] and $row["user_id"] == $_SESSION["_UID"])) {
+ if ($perms["edit_other"] or userHasZoneAccess($_SESSION["_UID"], $zoneid) or ($perms["edit_own"] and $row["user_id"] == $_SESSION["_UID"])) {
 global $default_ttl;
Index: publicdnsadmin/update_record.php
diff -u publicdnsadmin/update_record.php:1.1.1.1 publicdnsadmin/update_record.php:1.2
--- publicdnsadmin/update_record.php:1.1.1.1 Wed Apr 16 00:19:06 2003
+++ publicdnsadmin/update_record.php Fri Jun 13 06:28:58 2003
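Review bot: `getZoneNameFromID($zoneid)` in lib/zones.inc.php builds its query from `$id`, which is never defined inside the function, so the lookup runs with `id = ''` and the zone name is never found; the query should end `WHERE id = '$zoneid'`. All three new helpers return a variable that is assigned only when a row is found, so a miss returns an unset `$zoneid` or `$zonename`. Initialise it before the query (for example `$zoneid = false;`) so that the `userHasZoneAccess($_SESSION["_UID"], $zoneid)` checks receive a defined value. `getZoneFromTemplateRecord()` returns a `template_id` under the name `$zoneid`; a comment saying it is not a domain id would help keep it out of zone access checks.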
@@ -16,6 +16,7 @@
 $perms = getUserPermissions($_SESSION["_UID"]);
 $recordid = trim(addslashes($_GET["id"]));
+ $zoneid = getZoneFromRecord($recordid);
 ?> <h3>Edit domain » edit record</h3>
@@ -26,7 +27,7 @@
 if (!$dbh->isError($result) && $result->numRows()) {
 $row = $result->fetchRow();
- if ($perms["edit_other"] or ($perms["edit_own"] and $row["user_id"] == $_SESSION["_UID"])) {
+ if ($perms["edit_other"] or userHasZoneAccess($_SESSION["_UID"], $zoneid) or ($perms["edit_own"] and $row["user_id"] == $_SESSION["_UID"])) {
 global $default_ttl;
 $record = trim(addslashes($_POST["record"]));
Index: publicdnsadmin/update_template_record.php
diff -u publicdnsadmin/update_template_record.php:1.1.1.1 publicdnsadmin/update_template_record.php:1.2
--- publicdnsadmin/update_template_record.php:1.1.1.1 Wed Apr 16 00:19:06 2003
+++ publicdnsadmin/update_template_record.php Fri Jun 13 06:28:58 2003
@@ -51,7 +51,9 @@
 $ttl = $default_ttl;
 }
- if (!validateRecordContent($type, $content)) {
+
+
+ if (!validateTemRecordContent($type, $content)) {
 echo "<p class=\"error\">· Invalid content for pointer type</p>\n";
 } elseif (!validateRecordData($type, $record)) {
 echo "<p class=\"error\">· Invalid record data for pointer type</p>\n";
----------------------- End of diff ----------------------- |
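Review bot: In update_template_record.php the new call is `validateTemRecordContent($type, $content)` with no third argument, so `$template` keeps its default `false` and the `$DOMAIN` fallback added in lib/records.inc.php is never taken when a template record is edited; create_template_record.php passes `true`. Use `validateTemRecordContent($type, $content, true)` here, and check whether the `validateRecordData($type, $record)` call on the next branch should also pass `true`, as it does in create_template_record.php. The two blank lines added before the `if` can be dropped. The enclosing block starts outside the hunk.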