// NOTE(review): this excerpt starts inside an earlier branch; the "exit; }"
// below closes it. What follows deletes the account named by $_REQUEST['cid']
// after checking the caller's Account_Type.
exit;
}

// Make sure this is not type 'user' -- plain users may not delete accounts.
if ($user_info['Account_Type'] == 'user') {
    set_msg_err("Error: you do not have privileges to delete this user");
    $smarty->display('header.tpl');
    $smarty->display('footer.tpl');
    exit;
}

// Make sure this group_admin has rights to delete: the target account's gid
// must equal the caller's cid.
if ($user_info['Account_Type'] == 'group_admin') {
    // SECURITY: $_REQUEST['cid'] is concatenated into SQL without escaping or
    // binding, here and again in $q1/$q2 below (SQL injection). cid should be
    // cast to int or bound as a prepared-statement parameter. The mysql_*
    // extension is removed in PHP 7+, and die(mysql_error()) echoes the
    // driver's error text to the browser.
    $q = "select gid from accounts where cid='" . $_REQUEST['cid'] . "'";
    $result = mysql_query($q) or die(mysql_error());
    $owner_info = mysql_fetch_array($result);
    // NOTE(review): if no row matched, $owner_info is false and reading
    // ['gid'] from it yields null (with a notice); the loose != comparison
    // then presumably refuses the request -- confirm for a cid of 0.
    if ($user_info['cid'] != $owner_info['gid']) {
        set_msg_err("Error: you do not have privileges to delete this user");
        $smarty->display('header.tpl');
        $smarty->display('footer.tpl');
        exit;
    }
}

// Set domains/records to user 0 for senior admins, or to the group id for
// group admins.
if ($user_info['Account_Type'] == 'group_admin') {
    $q1 = "update domains set owner_id='" . $user_info['cid'] . "' where owner_id='" . $_REQUEST['cid'] . "'";
} else {
    if ($user_info['Account_Type'] == 'senior_admin') {
        $q1 = "update domains set owner_id=0 where owner_id='" . $_REQUEST['cid'] . "'";
    }
}
// $q2 is built here but not executed within this excerpt -- presumably run
// further down the file.
$q2 = "delete from accounts where cid='" . $_REQUEST['cid'] . "'";
// NOTE(review): $q1 is only assigned for group_admin and senior_admin; if any
// other Account_Type value can reach this point, $q1 is undefined here.
mysql_query($q1) or die(mysql_error());
// Verify the submitted record before updating it. verify_record() is compared
// against 'OK' below; any other return value is treated as an error message.
$result = verify_record($name, $_REQUEST['type'], $_REQUEST['address'], $_REQUEST['distance'], $_REQUEST['weight'], $_REQUEST['port'], $_REQUEST['ttl']);
if ($result != 'OK') {
    // Validation failed: reload the stored record so the edit form can be
    // redisplayed with the error.
    // SECURITY: $_REQUEST['record_id'] and get_dom_id()'s return value are
    // interpolated into SQL unescaped (SQL injection). $pdo is in scope, so
    // this should be $pdo->prepare() with bound parameters. print_r() of
    // errorInfo() on failure also discloses driver error details to the client.
    $q = "select * from records where record_id='" . $_REQUEST['record_id'] . "' and domain_id='" . get_dom_id($domain) . "' and type!='S' limit 1";
    $stmt = $pdo->query($q) or die(print_r($pdo->errorInfo()));
    // NOTE(review): if no row matched, $row is false and the ['host'] etc.
    // reads below yield null.
    $row = $stmt->fetch();
    $smarty->assign('record_id', $_REQUEST['record_id']);
    $smarty->assign('name', $row['host']);
    $smarty->assign('address', $row['val']);
    $smarty->assign('type', get_type($row['type']));
    $smarty->assign('distance', $row['distance']);
    $smarty->assign('weight', $row['weight']);
    $smarty->assign('port', $row['port']);
    $smarty->assign('ttl', $row['ttl']);
    // The error text is HTML-escaped here; whether the assigned $row fields
    // are escaped depends on edit_record.tpl (not visible in this excerpt).
    set_msg_err(htmlentities($result, ENT_QUOTES));
    $smarty->display('header.tpl');
    $smarty->display('edit_record.tpl');
    $smarty->display('footer.tpl');
    exit;
} else {
    // Update record
    // IPv6 addresses are normalised to their uncompressed form before storage.
    if ($_REQUEST['type'] == 'AAAA' || $_REQUEST['type'] == 'AAAA+PTR') {
        $address = uncompress_ipv6($_REQUEST['address']);
    } else {
        $address = $_REQUEST['address'];
    }
    // Optional weight: builds a "weight=...," fragment from raw request input.
    // NOTE(review): this looks like part of an SQL SET clause assembled after
    // this excerpt; the value must be escaped or bound where it is used.
    // strlen() on a missing 'weight' key passes null (deprecated in PHP 8.1).
    if (strlen($_REQUEST['weight'])) {
        $weightstring = "weight=" . $_REQUEST['weight'] . ",";
    } else {
        $weightstring = null;
// Make sure the email addresses are in the database.
// NOTE(review): no check that the caller is allowed to reassign this
// domain_id is visible in this excerpt -- presumably done earlier; confirm.
$owner_id = get_cid(strtolower($_REQUEST['email_address']));
// SECURITY: $owner_id (whatever get_cid() returns) is interpolated into SQL;
// bind it instead. The quoted 'Email' selects a string literal rather than the
// column -- harmless for an existence check, but probably unintended.
$q = "select 'Email' from accounts where cid='{$owner_id}'";
$stmt = $pdo->query($q) or die(print_r($pdo->errorInfo()));
if ($stmt->rowCount() == 0) {
    // NOTE(review): the raw request value is echoed into the error message
    // without escaping (elsewhere set_msg_err() is given htmlentities()
    // output) -- an XSS risk unless set_msg_err() escapes on output.
    set_msg_err("Error: " . $_REQUEST['email_address'] . " is not in the database");
    $smarty->display('header.tpl');
    $smarty->display('footer.tpl');
    exit;
}
// Only senior admins may also change the group owner, and only when a group
// address was supplied.
if ($user_info['Account_Type'] == 'senior_admin' && isset($_REQUEST['group_email_address']) && $_REQUEST['group_email_address'] != '') {
    $group_owner_id = get_cid(strtolower($_REQUEST['group_email_address']));
    // Same interpolation concern as $q above.
    $q = "select 'Email' from accounts where cid='{$group_owner_id}' and Account_Type='group_admin'";
    $stmt = $pdo->query($q) or die(print_r($pdo->errorInfo()));
    if ($stmt->rowCount() == 0) {
        set_msg_err("Error: " . $_REQUEST['group_email_address'] . " is not in the database, or their Account_Type is not 'group_admin'");
        $smarty->display('header.tpl');
        require 'src/change_owner.php';
        $smarty->display('footer.tpl');
        exit;
    }
    $change_group = 1;
}
// NOTE(review): $change_group is never initialised on the path where the
// branch above is skipped, so the == 1 tests read an undefined variable; it
// should be set to 0 before that if.
$q = "update domains set owner_id='{$owner_id}'";
if ($change_group == 1) {
    $q .= ", group_owner_id = '{$group_owner_id}'";
}
// SECURITY: $_REQUEST['domain_id'] is concatenated unescaped into an UPDATE
// (SQL injection); use a prepared statement with the id bound.
$q .= " where domain_id = '" . $_REQUEST['domain_id'] . "'";
$pdo->query($q) or die(print_r($pdo->errorInfo()));
// Audit-log text; the excerpt is cut off inside the following if.
$log_entry = "changed owner to " . get_owner_name($owner_id);
if ($change_group == 1) {
// NOTE(review): this excerpt starts inside the login handler; $email was set
// before this view (presumably by a session or login check).
if ($email == "") {
    set_msg_err("Error: you do not appear to be logged in");
    // SECURITY: every redirect here appends SID, so the session id travels in
    // the URL (server logs, browser history, Referer headers). Prefer
    // cookie-only sessions (session.use_only_cookies) and drop SID from URLs.
    header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID);
    exit;
} else {
    header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID . "&state=logged_in");
    exit;
}
}
} else {
    if ($_REQUEST['state'] == "logged_in") {
        // SHOW MAIN SCREEN
        // First make sure they are really logged in!
        $email = verify_session();
        if ($email == "") {
            set_msg_err("Error: you do not appear to be logged in.");
            header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID);
            exit;
        } else {
            // Set base url for convenience
            $base_url = $_SERVER['PHP_SELF'] . "?" . SID . "&state=logged_in";
            // Get current account settings.
            // NOTE(review): $email is interpolated into the query; it comes from
            // verify_session() rather than the request, but bind it anyway. If
            // no row matches, $user_info[0] below is an undefined offset.
            $result = $pdo->query("select * from accounts where Email='{$email}'") or die(print_r($pdo->errorInfo()));
            $user_info = $result->fetchAll();
            $user_info = $user_info[0];
            // Setup smarty stuff -- state and mode are raw request values;
            // escaping them is the template's job (not visible here).
            $smarty->assign('email', $email);
            $smarty->assign('state', $_REQUEST['state']);
            if (isset($_REQUEST['mode'])) {
                $smarty->assign('mode', $_REQUEST['mode']);
            }
// NOTE(review): this excerpt starts inside the "help" handler; the first three
// statements finish that branch.
$smarty->display('help.tpl');
$smarty->display('footer.tpl');
exit;
} else {
    if ($_REQUEST['mode'] == "send_pass") {
        // Make sure it's a valid address
        if (!check_email_format($_REQUEST['username'])) {
            set_msg_err("Error: \"" . $_REQUEST['username'] . "\" does not appear to be a properly formatted email address");
            header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID . "&state=help");
            exit;
        }
        // Make sure it's in the database.
        // SECURITY: the address is concatenated into SQL; check_email_format()
        // is the only thing between request input and the query. Escape or
        // bind it regardless of that check. mysql_* is removed in PHP 7+.
        require 'src/connect.php';
        $result = mysql_query("select cid from accounts where Email='" . strtolower($_REQUEST['username']) . "'") or die(mysql_error());
        if (mysql_num_rows($result) < 1) {
            // NOTE(review): a distinct "not in our database" message lets an
            // unauthenticated caller tell registered addresses from unknown
            // ones; a uniform "if the address is registered, mail was sent"
            // response avoids that.
            set_msg_err("Error: \"" . $_REQUEST['username'] . "\" does not appear in our database");
            header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID . "&state=help");
            exit;
        } else {
            $fa = mysql_fetch_array($result);
            // Send Password
            // SECURITY: rand() is not a CSPRNG and the result is 5-8 hex chars
            // (at most 32 bits); use random_bytes()/random_int() and a longer
            // value. This also overwrites the password for any known address
            // without proof of ownership, so anyone can lock a user out; a
            // single-use, time-limited reset token sent by mail is the usual
            // design.
            $newpass = substr(md5(rand(0, 10000) . "vegadns_" . $_REQUEST['username'] . rand(0, 10000)), 0, rand(5, 8));
            // NOTE(review): as shown, the stored value is the literal '******'
            // rather than anything derived from $newpass -- possibly redacted
            // in this listing; the column should hold password_hash($newpass).
            // The query's return value is also unchecked.
            mysql_query("update accounts set Password='******' where cid=" . $fa[0]);
            $body = "Here is your requested information:\n\n";
            $body .= "Your new password is: " . $newpass . "\n\n";
            $body .= "If you have further questions, please contact {$supportemail}\n";
            $body .= "\n\nThanks,\n\n";
            $body .= "The VegaDNS Team";
            // The new password is sent in clear text by email.
            mail(strtolower($_REQUEST['username']), "Requested information", $body, "Return-path: {$supportemail}\r\nFrom: \"{$supportname}\" <{$supportemail}>");
            set_msg("Your password has been mailed to you");
            header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID);
// NOTE(review): the leading "}" closes a block that opened before this excerpt.
}
if (!check_email_format($_REQUEST['email_address'])) {
    set_msg_err("Error: invalid email address");
    $smarty->display('header.tpl');
    require 'src/account_form.php';
    $smarty->display('footer.tpl');
    exit;
}
// If the email address is changing, check that it's not already in use
if ($account_info['Email'] != strtolower($_REQUEST['email_address'])) {
    // NOTE(review): mysql_escape_string() is deprecated and ignores the
    // connection charset (mysql_real_escape_string() at minimum; a prepared
    // statement is better). mysql_query()'s return value is not checked, so a
    // failed query hands false to mysql_num_rows().
    $q = mysql_query("select Email from accounts where Email='" . mysql_escape_string(strtolower($_REQUEST['email_address'])) . "'");
    $email_rows = mysql_num_rows($q);
    if ($email_rows > 0) {
        set_msg_err("Error: email address already in use");
        $smarty->display('header.tpl');
        require 'src/account_form.php';
        $smarty->display('footer.tpl');
        exit;
    }
}
// Password confirmation. NOTE(review): loose != comparison -- use !==. No
// length or complexity policy is applied in this excerpt.
if ($_REQUEST['password'] != $_REQUEST['password2']) {
    set_msg_err("Error: passwords do not match");
    $smarty->display('header.tpl');
    require 'src/account_form.php';
    $smarty->display('footer.tpl');
    exit;
}
// group owner change stuff (senior admins only).
// NOTE(review): strlen() on a missing 'group_email_address' key passes null
// (deprecated in PHP 8.1). Unlike email_address above, this value is not
// lowercased before get_cid() -- confirm that is intended.
if ($user_info['Account_Type'] == 'senior_admin' && strlen($_REQUEST['group_email_address']) > 0) {
    $new_gid = get_cid($_REQUEST['group_email_address']);
}
// NOTE(review): this excerpt starts inside the default-SOA lookup; $sa_q and
// the enclosing conditions were set before this view. If the per-group query
// found nothing, fall back to the senior-admin default ($sa_q).
if ($stmt->rowCount() == 0) {
    $stmt = $pdo->query($sa_q) or die(print_r($pdo->errorInfo()));
}
}
// NOTE(review): PDOStatement::rowCount() is not guaranteed to report SELECT
// row counts on every driver. If the fallback query also returned nothing,
// $row is false and is handed to parse_soa() as-is.
$row = $stmt->fetch();
$soa = parse_soa($row);
// Edit SOA Menu
$smarty->display('header.tpl');
require 'src/edit_default_soa_form.php';
$smarty->display('footer.tpl');
exit;
}
if ($_REQUEST['record_mode'] == 'edit_soa_now') {
    // Check email -- presence only.
    // NOTE(review): the address format is not validated here, although a
    // check_email_format() helper is used elsewhere in this codebase.
    if (!isset($_REQUEST['contactaddr']) || $_REQUEST['contactaddr'] == "") {
        set_msg_err("Error: missing contact address");
        $smarty->display('header.tpl');
        require 'src/edit_default_soa_form.php';
        $smarty->display('footer.tpl');
        exit;
    }
    // See if this group_admin has an existing soa
    if ($user_info['Account_Type'] == 'group_admin') {
        $default_type = 'group';
        // NOTE(review): $user_info['cid'] is interpolated into SQL; it comes
        // from the database rather than the request, but bind it anyway.
        $q = "select record_id from default_records where type='S' and group_owner_id='" . $user_info['cid'] . "' limit 1";
        $stmt = $pdo->query($q) or die(print_r($pdo->errorInfo()));
        if ($stmt->rowCount() == 0) {
            // No group SOA yet: the handler below this excerpt will insert one.
            $new_soa = 1;
        } else {
            $new_soa = 0;
            $row = $stmt->fetch();