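// Password-reset confirmation step.
// Inputs (POST): u = account e-mail, p / cp = base64-encoded new password and
// its confirmation, t = reset token taken from the e-mailed link.
// Flow: validate the fields, look up a row whose stored token matches and has
// not expired, then overwrite the password and clear the token columns.
if (!isset($_POST["u"], $_POST["p"], $_POST["cp"], $_POST["t"])
    || !is_string($_POST["u"]) || !is_string($_POST["p"])
    || !is_string($_POST["cp"]) || !is_string($_POST["t"])) {
    // A field submitted as an array (u[]=...) is rejected here instead of
    // reaching strlen()/base64_decode() further down.
    echo $text[$lan]["err1"];
    exit(1);
}

$rq_npass = base64_decode($_POST["p"]);
$rq_cpass = base64_decode($_POST["cp"]);

if (strlen($_POST["u"]) < MIN_USER_LENGTH
    || strlen($rq_npass) < MIN_PASS_LENGTH
    || strlen($rq_cpass) < MIN_PASS_LENGTH) {
    echo $text[$lan]["err2"];
    exit(2);
}

// Strict comparison: with != PHP compares two numeric-looking strings as
// numbers, so "1e3" and "1000" would be accepted as the same password.
if ($_POST["p"] !== $_POST["cp"]) {
    echo $text[$lan]["err3"];
    exit(3);
}

$pgclient = new PgClient($db_config);

// NOTE(review): every query below is built by string concatenation and relies
// entirely on PgClient::prepare() for escaping; its implementation is not
// visible here — confirm it escapes quotes for the "email" and "text" modes.
$user = $pgclient->prepare($_POST["u"], "email");

// NOTE(review): a single salted SHA-512 round is fast to brute-force if the
// table leaks. Moving to password_hash()/password_verify() needs a coordinated
// change in every script that checks the `pass` column, so it is only flagged.
$pass = hash("sha512", $salt . $rq_npass);

$token = $pgclient->prepare($_POST["t"], "text");

// The token column is reset to '' after use (see the update below), so an
// empty token must never be allowed to reach the lookup.
if ((string) $token === "") {
    echo $text[$lan]["err4"];
    exit(4);
}

$pgclient->connect() or die($text[$lan]["dberror"]);

$q = "Select * from usuarios where lower(mail)=lower('" . $user . "') and hash='" . $token . "' and now() < max_time_valid_hash;";
$pgclient->exeq($q);
if ($pgclient->lq_nresults() == 0) {
    // No results, no valid hash
    echo $text[$lan]["err4"];
    exit(4);
}

// NOTE(review): as written this stores the literal text between the quotes and
// $pass computed above is never referenced; the value looks masked in this
// copy of the file — confirm against the original.
$q = "update usuarios set pass='******' where lower(mail)=lower('" . $user . "');";
$pgclient->exeq($q);

// Invalidate the token so the same link cannot be replayed.
$q = "update usuarios set hash='' where lower(mail)=lower('" . $user . "');";
$pgclient->exeq($q);

// Prepared here; the statement that executes it follows this fragment.
$q = "update usuarios set max_time_valid_hash=null where lower(mail)=lower('" . $user . "');";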
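exit(1);
}

// Password-reset request step: takes the account e-mail (POST u), generates a
// one-time token and builds the localized e-mail that carries the reset link.
// The start of the script and the code that stores/sends the token are
// outside this fragment.
$lan = $_SESSION["lan"];
session_write_close();

if (!isset($_POST["u"])) {
    echo $text[$lan]["err1"];
    exit(1);
}
if (strlen($_POST["u"]) < MIN_USER_LENGTH) {
    echo $text[$lan]["err2"];
    exit(2);
}

// NOTE(review): secret value committed in the source tree; anyone with read
// access to the repository knows it. Prefer loading it from configuration
// kept outside version control.
$salt = "as!09**31sfSAFasfaNYGFB";

$pgclient = new PgClient($db_config);

// Number of CSPRNG bytes mixed into the reset token. The previous value of 4
// left only 32 unpredictable bits, because rand() is not a cryptographic
// generator and the salt is a fixed string.
$strenght = 32;

$user = $pgclient->prepare($_POST["u"], "email");

$rq_random = openssl_random_pseudo_bytes($strenght);
if ($rq_random === false || strlen($rq_random) < $strenght) {
    // Never fall back to a token derived from the salt and rand() alone.
    header("HTTP/1.1 500 Internal Server Error");
    exit(5);
}
// Token format is unchanged: 64 hex characters (SHA-256).
$hash = hash("sha256", $salt . $rq_random . rand());

$pgclient->connect() or die($text[$lan]["dberror"]);

// NOTE(review): built by concatenation; safety depends on PgClient::prepare(),
// which is not visible here.
$q = "Select * from usuarios where lower(mail)=lower('" . $user . "');";
$r = pg_fetch_object($pgclient->exeq($q));
if ($pgclient->lq_nresults() == 0) {
    // USER NON EXISTENT OR PASSWORD ERROR
    // NOTE(review): a distinct answer for unknown addresses lets a caller test
    // which e-mails are registered; consider the same response in both cases.
    echo $text[$lan]["err3"];
    exit(3);
}

/* ----------------------------- */
/* SPANISH (CASTILIAN) */
// NOTE(review): the link uses http://, so the token crosses the network in
// clear text unless the site redirects to HTTPS. _ip() is inserted into the
// HTML body unescaped; if it can return a client-supplied header value it
// should go through htmlspecialchars() — confirm what it returns.
$text["es"]["subject"] = "Recuperar acceso a CODDNS";
$text["es"]["mailbody"] = "\n<h3>Hola!</h3>\n<p>Hemos recibido una solicitud de cambio de contraseña desde " . _ip()
    . "</p>\n<p>Si no has iniciado ninguna acción no es necesario que hagas nada.</p>\n<p>En caso de que realmente quieras cambiar tus datos de acceso, por favor, sigue el siguiente enlace:</p>\n<a href='http://" . $config["domainname"]
    . "/?z=newpassword&token=" . $hash
    . "'>Cambiar mi contraseña</a>\n<p> Si el enlace no funciona copia el siguiente texto en el navegador para acceder.</p>\nhttp://" . $config["domainname"]
    . "/?z=newpassword&token=" . $hash
    . "\n<p>Gracias!</p>\n<p>Saludos,</p>\n<p>CODDNS</p>\n";

/* ENGLISH */
$text["en"]["subject"] = "Recover access to CODDNS";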
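// Host-edit handler: points an existing host (POST edith) of the logged-in
// user at a new IPv4 address (POST nip) and pushes the change to the DNS
// updater. $check is computed before this fragment and the closing else
// branch continues after it.
if ($check < 0 || $check == FALSE) {
    echo "La dirección IP no es válida";
    exit(2);
}

// $check is derived outside this fragment, so validate the exact value that
// is placed into the SQL statement and the shell command below.
$ip = isset($_POST["nip"]) ? $_POST["nip"] : "";
if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
    echo "La dirección IP no es válida";
    exit(2);
}

$pgclient = new PgClient($db_config);
$pgclient->connect() or die("ERR");

// strtok() keeps internal state: the calls must stay in this order.
$host = strtok($_POST["edith"], ".");
$main = strtok(".");
$dom = strtok(".");

$check = $config["domainname"];
$checkm = strtok($check, ".");
$checkd = strtok(".");

// Only the two labels after the host label are compared with the configured
// domain; any further labels in the submitted name are ignored.
if ($main != $checkm
    || $dom != $checkd
    || strlen($host) < LENGTH_HOST_MIN
    || strlen($host) > LENGTH_HOST_MAX) {
    die("ERR: nombre de host no valido");
}

$host = $pgclient->prepare($host, "letters") . "." . $config["domainname"];

// UPDATE ONLY AN EXISTENT HOST
// The ownership check selects the matching rows themselves. The earlier
// "select count(tag)" form is an aggregate and always yields exactly one row,
// so a row-count test of == 1 passed even when the host belonged to someone
// else (assuming lq_nresults() reports the row count of the last query, as
// its other uses on this page suggest).
$q = "select tag from hosts where lower(tag)=lower('" . $host . "') and oid=(select id from usuarios where lower(mail)=lower('" . $pgclient->prepare($_SESSION["email"], "email") . "'));";
$pgclient->exeq($q);
if ($pgclient->lq_nresults() == 1) {
    // $ip is a validated dotted quad at this point; the tag is matched
    // case-insensitively, the same way the ownership check matches it.
    $q = "update hosts set ip='" . $ip . "' where lower(tag)=lower('" . $host . "');";
    $pgclient->exeq($q);

    // LAUNCH DNS UPDATER
    // Arguments are quoted for the shell even though both were validated.
    // -- erase
    $out = shell_exec("dnsmgr d " . escapeshellarg($host) . " A");
    // -- add
    $out = shell_exec("dnsmgr a " . escapeshellarg($host) . " A " . escapeshellarg($ip));
    echo "OK";
} else {
    header("Location: /err403.html");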
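<?php
require_once "include/config.php";
require_once "lib/pgclient.php";

defined("LENGTH_HOST_MIN") or define("LENGTH_HOST_MIN", 1);
defined("LENGTH_HOST_MAX") or define("LENGTH_HOST_MAX", 200);

// Reports whether a host label (POST h) is still available under the
// configured domain. Prints an HTML fragment: "Disponible", "No disponible",
// or "No cumple los requisitos" when the label is malformed.
if (!isset($_POST["h"])) {
    header("Location: /");
    exit(1);
}

// Validate the raw value before any database work.
// The pattern accepts the same labels as the former
// /^[a-zA-Z]+([0-9]*[a-zA-Z]*)*$/ (a letter followed by letters and digits)
// but has no nested quantifiers, so a long non-matching input cannot cause
// exponential backtracking. The D modifier stops "$" from accepting a
// trailing newline.
if (!is_string($_POST["h"]) || !preg_match('/^[a-zA-Z][a-zA-Z0-9]*$/D', $_POST["h"])) {
    die("<div class='r err'>No cumple los requisitos</div>");
}

$pgclient = new PgClient($db_config);

// NOTE(review): the query below is concatenated and relies on
// PgClient::prepare() for escaping; its implementation is not visible here.
$host = $pgclient->prepare($_POST["h"], "letters");

if (strlen($host) < LENGTH_HOST_MIN || strlen($host) > LENGTH_HOST_MAX) {
    die("<div class='r err'>No cumple los requisitos</div>");
}

// Connect only once the input is known to be acceptable, so rejected
// requests never open (and leave behind) a database connection.
$pgclient->connect() or die("ERR");

$q = "select * from hosts where lower(tag)=lower('" . $host . "." . $config["domainname"] . "');";
$pgclient->exeq($q);

if ($pgclient->lq_nresults() > 0) {
    echo "<div class='r err'>No disponible</div>";
} else {
    echo "<div class='r ok'>Disponible</div>";
}

$pgclient->disconnect();
?>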
// Credentialed request handler: authenticates with POST u (e-mail) and p
// (base64-encoded password) and resolves POST h to a host name under the
// configured domain. What happens after the credential check is outside this
// fragment.
require_once "include/config.php";
require_once "lib/ipv4.php";
require_once "lib/pgclient.php";

// Fallback limits, used only when the configuration did not define them.
defined("LENGTH_USER_MIN") or define("LENGTH_USER_MIN", 2);
defined("LENGTH_PASS_MIN") or define("LENGTH_PASS_MIN", 2);
defined("LENGTH_HOST_MIN") or define("LENGTH_HOST_MIN", 1);
defined("LENGTH_HOST_MAX") or define("LENGTH_HOST_MAX", 200);

// All three fields are mandatory; every failure answers with the same "ERR".
if (!isset($_POST["u"]) || !isset($_POST["p"]) || !isset($_POST["h"])) {
    die("ERR");
}

// NOTE(review): the password length is measured on the base64 text, not on
// the decoded password, and the fields are not checked to be strings.
if (strlen($_POST["u"]) < LENGTH_USER_MIN || strlen($_POST["p"]) < LENGTH_PASS_MIN || strlen($_POST["h"]) < LENGTH_HOST_MIN) {
    die("ERR");
}

$pgclient = new PgClient($db_config);
$pgclient->connect() or die("ERR");

// NOTE(review): escaping depends on PgClient::prepare(), not visible here.
$user = $pgclient->prepare($_POST["u"], "email");
// base64 is only a transport encoding; it adds no confidentiality.
$rq_pass = base64_decode($_POST["p"]);
// NOTE(review): a single salted SHA-512 round is fast to brute-force if the
// table leaks; password_hash()/password_verify() would need a coordinated
// change wherever the `pass` column is written or checked.
$pass = hash("sha512", $salt . $rq_pass);

// strtok() keeps internal state: these calls must stay in this exact order.
// First split the submitted name into host label and the next two labels...
$host = strtok($_POST["h"], ".");
$main = strtok(".");
$dom = strtok(".");

// ...then split the configured domain into its first two labels.
$check = $config["domainname"];
$checkm = strtok($check, ".");
$checkd = strtok(".");

// Only two labels are compared with the configured domain; any further
// labels in the submitted name are ignored.
if ($main != $checkm || $dom != $checkd || strlen($host) < LENGTH_HOST_MIN || strlen($host) > LENGTH_HOST_MAX) {
    die("ERR: nombre de host no valido");
}

// Rebuild the full name from the filtered label and the configured domain.
$host = $pgclient->prepare($host, "letters") . "." . $config["domainname"];

// NOTE(review): as written the query compares `pass` with the literal text
// between the quotes and $pass is never referenced; the value looks masked in
// this copy of the file — confirm against the original. The e-mail is matched
// exactly here, while other queries on this page use lower(mail)=lower(...).
$q = "select * from usuarios where mail='" . $user . "' and pass='******';";
$pgclient->exeq($q);

// No matching row: the branch body continues after this fragment.
if ($pgclient->lq_nresults() == 0) {
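</style>
</head>
<body>
<?php
// Host-delete handler: removes a host (POST delh) that belongs to the
// logged-in user and asks the DNS updater to drop its A record.
// The start of the page and the end of the final if-block are outside this
// fragment.
if (!isset($_SESSION["email"])) {
    // NOTE(review): markup has already been emitted above, so this redirect
    // only takes effect if output buffering is enabled — confirm.
    header("Location: " . $config["html_root"]);
    exit(1);
}

if (!isset($_POST["delh"]) || !is_string($_POST["delh"])) {
    die("woops...");
}

$pgclient = new PgClient($db_config);
$pgclient->connect() or die("ERR");

$host = strtok($_POST["delh"], ".");
$host = $pgclient->prepare($host, "letters") . "." . $config["domainname"];

// The session e-mail goes through the same filter the host-edit query on this
// page applies, instead of being concatenated into the SQL text as-is.
$owner_mail = $pgclient->prepare($_SESSION["email"], "email");

// Confirm ownership first. Without this check the DNS record was removed for
// any name under the domain, even when the delete below matched no row.
$q = "select tag from hosts where oid=(select id from usuarios where lower(mail)=lower('" . $owner_mail . "')) and lower(tag)=lower('" . $host . "');";
$pgclient->exeq($q);
if ($pgclient->lq_nresults() == 0) {
    $pgclient->disconnect();
    die("woops...");
}

$q = "delete from hosts where oid=(select id from usuarios where lower(mail)=lower('" . $owner_mail . "')) and lower(tag)=lower('" . $host . "');";
$pgclient->exeq($q);

// LAUNCH DNS UPDATER
// The host name is quoted for the shell even though it was filtered above.
$out = shell_exec("dnsmgr d " . escapeshellarg($host) . " A");

$pgclient->disconnect();

echo "<div><p>Se ha eliminado " . $host . " correctamente<p><a href='" . $config["html_root"] . "/'>Volver</a></div>";

session_write_close();
?>
</body>
</html>
<?php
if (!strlen($out) > 0) {
    header("Location: " . $config["html_root"]);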
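?> "><?php echo $text[$lan]["back"]; ?> </a> <?php exit(1); }

// Host-create handler: registers a new host label (POST h) with an IPv4
// address (POST ip) for the logged-in user and pushes it to the DNS updater.
// The start of the script and the body of the final if-block are outside this
// fragment.
$ip = (isset($_POST["ip"]) && is_string($_POST["ip"])) ? $_POST["ip"] : "";

// ip2long() is kept for the existing checks; filter_var() additionally
// guarantees that the exact string used in the SQL statement and the shell
// command below is a plain dotted-quad IPv4 address.
$check = ip2long($ip);
if ($check < 0 || $check == FALSE || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
    echo $text["en"]["ip_f"];
    exit(2);
}

$pgclient = new PgClient($db_config);
$pgclient->connect() or die("ERR");

// NOTE(review): no length or format check on the label is visible in this
// fragment; confirm it is validated before this point.
$host = $pgclient->prepare($_POST["h"], "letters") . "." . $config["domainname"];

// The session e-mail goes through PgClient::prepare() instead of being
// concatenated into the SQL text as-is.
$owner_mail = $pgclient->prepare($_SESSION["email"], "email");

// INSERT NEW HOST IF NO ONE EXISTS
$q = "select * from hosts where lower(tag)=lower('" . $host . "');";
$pgclient->exeq($q);
if ($pgclient->lq_nresults() > 0) {
    die("Ese nombre de host no está disponible<br><a href='/'>Volver</a>");
}

// LAUNCH DNS UPDATER
// Both arguments are quoted for the shell even though they were validated.
$out = shell_exec("/opt/ddns/dnsmgr.sh a " . escapeshellarg($host) . " A " . escapeshellarg($ip));

// The owner is matched case-insensitively, like the other queries on this
// page; the former mail=lower(...) form found no owner for an address stored
// with upper-case letters.
$q = "insert into hosts (oid, tag, ip) values ( (select id from usuarios where lower(mail)=lower('" . $owner_mail . "')), lower('" . $host . "'), '" . $ip . "');";
$pgclient->exeq($q);

// NOTE(review): the updater's output is echoed into the page unescaped.
echo "Agregado correctamente [" . $out . "] ";

$pgclient->disconnect();
session_write_close();

if (!strlen($out) > 0) {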