if (!isset($_POST["u"]) || !isset($_POST["p"]) || !isset($_POST["cp"]) || !isset($_POST["t"])) {
echo $text[$lan]["err1"];
exit(1);
}
$rq_npass = base64_decode($_POST["p"]);
$rq_cpass = base64_decode($_POST["cp"]);
if (strlen($_POST["u"]) < MIN_USER_LENGTH || strlen($rq_npass) < MIN_PASS_LENGTH || strlen($rq_cpass) < MIN_PASS_LENGTH) {
echo $text[$lan]["err2"];
exit(2);
}
if ($_POST["p"] != $_POST["cp"]) {
echo $text[$lan]["err3"];
exit(3);
}
$pgclient = new PgClient($db_config);
$user = $pgclient->prepare($_POST["u"], "email");
$pass = hash("sha512", $salt . $rq_npass);
$token = $pgclient->prepare($_POST["t"], "text");
$pgclient->connect() or die($text[$lan]["dberror"]);
$q = "Select * from usuarios where lower(mail)=lower('" . $user . "') and hash='" . $token . "' and now() < max_time_valid_hash;";
$pgclient->exeq($q);
if ($pgclient->lq_nresults() == 0) {
// No results, no valid hash
echo $text[$lan]["err4"];
exit(4);
}
$q = "update usuarios set pass='******' where lower(mail)=lower('" . $user . "');";
$pgclient->exeq($q);
$q = "update usuarios set hash='' where lower(mail)=lower('" . $user . "');";
$pgclient->exeq($q);
$q = "update usuarios set max_time_valid_hash=null where lower(mail)=lower('" . $user . "');";
exit(1);
}
$lan = $_SESSION["lan"];
session_write_close();
if (!isset($_POST["u"])) {
echo $text[$lan]["err1"];
exit(1);
}
if (strlen($_POST["u"]) < MIN_USER_LENGTH) {
echo $text[$lan]["err2"];
exit(2);
}
$salt = "as!09**31sfSAFasfaNYGFB";
$pgclient = new PgClient($db_config);
$strenght = 4;
$user = $pgclient->prepare($_POST["u"], "email");
$hash = hash("sha256", $salt . openssl_random_pseudo_bytes($strenght) . rand());
$pgclient->connect() or die($text[$lan]["dberror"]);
$q = "Select * from usuarios where lower(mail)=lower('" . $user . "');";
$r = pg_fetch_object($pgclient->exeq($q));
if ($pgclient->lq_nresults() == 0) {
// USER NON EXISTENT OR PASSWORD ERROR
echo $text[$lan]["err3"];
exit(3);
}
/* ----------------------------- */
/* CASTELLANO */
$text["es"]["subject"] = "Recuperar acceso a CODDNS";
$text["es"]["mailbody"] = "\n<h3>Hola!</h3>\n<p>Hemos recibido una solicitud de cambio de contraseña desde " . _ip() . "</p>\n<p>Si no has iniciado ninguna acción no es necesario que hagas nada.</p>\n<p>En caso de que realmente quieras cambiar tus datos de acceso, por favor, sigue el siguiente enlace:</p>\n<a href='http://" . $config["domainname"] . "/?z=newpassword&token=" . $hash . "'>Cambiar mi contraseña</a>\n<p> Si el enlace no funciona copia el siguiente texto en el navegador para acceder.</p>\nhttp://" . $config["domainname"] . "/?z=newpassword&token=" . $hash . "\n<p>Gracias!</p>\n<p>Saludos,</p>\n<p>CODDNS</p>\n";
/* ENGLISH */
$text["en"]["subject"] = "Recover access to CODDNS";
if ($check < 0 || $check == FALSE) {
echo "La dirección IP no es válida";
exit(2);
}
$pgclient = new PgClient($db_config);
$pgclient->connect() or die("ERR");
$host = strtok($_POST["edith"], ".");
$main = strtok(".");
$dom = strtok(".");
$check = $config["domainname"];
$checkm = strtok($check, ".");
$checkd = strtok(".");
if ($main != $checkm || $dom != $checkd || strlen($host) < LENGTH_HOST_MIN || strlen($host) > LENGTH_HOST_MAX) {
die("ERR: nombre de host no valido");
}
$host = $pgclient->prepare($host, "letters") . "." . $config["domainname"];
$ip = $_POST["nip"];
// UPDATE ONLY AN EXISTENT HOST
$q = "select count(tag) from hosts where lower(tag)=lower('" . $host . "') and oid=(select id from usuarios where lower(mail)=lower('" . $pgclient->prepare($_SESSION["email"], "email") . "'));";
$pgclient->exeq($q);
if ($pgclient->lq_nresults() == 1) {
$q = "update hosts set ip='" . $ip . "' where tag='" . $host . "';";
$pgclient->exeq($q);
// LAUNCH DNS UPDATER
// -- erase
$out = shell_exec("dnsmgr d " . $host . " A");
// -- add
$out = shell_exec("dnsmgr a " . $host . " A " . $ip);
echo "OK";
} else {
header("Location: /err403.html");
<?php
require_once "include/config.php";
require_once "lib/pgclient.php";
defined("LENGTH_HOST_MIN") or define("LENGTH_HOST_MIN", 1);
defined("LENGTH_HOST_MAX") or define("LENGTH_HOST_MAX", 200);
// devuelve la disponibilidad o no de una etiqueta host para un subdominio dado
if (!isset($_POST["h"])) {
header("Location: /");
exit(1);
}
$pgclient = new PgClient($db_config);
$pgclient->connect() or die("ERR");
$host = $pgclient->prepare($_POST["h"], "letters");
if (strlen($host) < LENGTH_HOST_MIN || strlen($host) > LENGTH_HOST_MAX || !preg_match('/^[a-zA-Z]+([0-9]*[a-zA-Z]*)*$/', $_POST["h"])) {
die("<div class='r err'>No cumple los requisitos</div>");
}
$q = "select * from hosts where lower(tag)=lower('" . $host . "." . $config["domainname"] . "');";
$pgclient->exeq($q);
if ($pgclient->lq_nresults() > 0) {
echo "<div class='r err'>No disponible</div>";
} else {
echo "<div class='r ok'>Disponible</div>";
}
$pgclient->disconnect();
?>
require_once "include/config.php";
require_once "lib/ipv4.php";
require_once "lib/pgclient.php";
defined("LENGTH_USER_MIN") or define("LENGTH_USER_MIN", 2);
defined("LENGTH_PASS_MIN") or define("LENGTH_PASS_MIN", 2);
defined("LENGTH_HOST_MIN") or define("LENGTH_HOST_MIN", 1);
defined("LENGTH_HOST_MAX") or define("LENGTH_HOST_MAX", 200);
if (!isset($_POST["u"]) || !isset($_POST["p"]) || !isset($_POST["h"])) {
die("ERR");
}
if (strlen($_POST["u"]) < LENGTH_USER_MIN || strlen($_POST["p"]) < LENGTH_PASS_MIN || strlen($_POST["h"]) < LENGTH_HOST_MIN) {
die("ERR");
}
$pgclient = new PgClient($db_config);
$pgclient->connect() or die("ERR");
$user = $pgclient->prepare($_POST["u"], "email");
$rq_pass = base64_decode($_POST["p"]);
$pass = hash("sha512", $salt . $rq_pass);
$host = strtok($_POST["h"], ".");
$main = strtok(".");
$dom = strtok(".");
$check = $config["domainname"];
$checkm = strtok($check, ".");
$checkd = strtok(".");
if ($main != $checkm || $dom != $checkd || strlen($host) < LENGTH_HOST_MIN || strlen($host) > LENGTH_HOST_MAX) {
die("ERR: nombre de host no valido");
}
$host = $pgclient->prepare($host, "letters") . "." . $config["domainname"];
$q = "select * from usuarios where mail='" . $user . "' and pass='******';";
$pgclient->exeq($q);
if ($pgclient->lq_nresults() == 0) {
</style>
</head>
<body>
<?php
if (!isset($_SESSION["email"])) {
header("Location: " . $config["html_root"]);
exit(1);
}
if (!isset($_POST["delh"])) {
die("woops...");
}
$pgclient = new PgClient($db_config);
$pgclient->connect() or die("ERR");
$host = strtok($_POST["delh"], ".");
$host = $pgclient->prepare($host, "letters") . "." . $config["domainname"];
$q = "delete from hosts where oid=(select id from usuarios where lower(mail)=lower('" . $_SESSION["email"] . "')) and lower(tag)=lower('" . $host . "');";
$pgclient->exeq($q);
// LAUNCH DNS UPDATER
$out = shell_exec("dnsmgr d " . $host . " A");
$pgclient->disconnect();
echo "<div><p>Se ha eliminado " . $host . " correctamente<p><a href='" . $config["html_root"] . "/'>Volver</a></div>";
session_write_close();
?>
</body>
</html>
<?php
if (!strlen($out) > 0) {
header("Location: " . $config["html_root"]);
?>
"><?php
echo $text[$lan]["back"];
?>
</a>
<?php
exit(1);
}
$check = ip2long($_POST["ip"]);
if ($check < 0 || $check == FALSE) {
echo $text["en"]["ip_f"];
exit(2);
}
$pgclient = new PgClient($db_config);
$pgclient->connect() or die("ERR");
$host = $pgclient->prepare($_POST["h"], "letters") . "." . $config["domainname"];
$ip = $_POST["ip"];
// INSERT NEW HOST IF NO ONE EXISTS
$q = "select * from hosts where lower(tag)=lower('" . $host . "');";
$pgclient->exeq($q);
if ($pgclient->lq_nresults() > 0) {
die("Ese nombre de host no está disponible<br><a href='/'>Volver</a>");
}
// LAUNCH DNS UPDATER
$out = shell_exec("/opt/ddns/dnsmgr.sh a " . $host . " A " . $ip);
$q = "insert into hosts (oid, tag, ip) values ( (select id from usuarios where mail=lower('" . $_SESSION["email"] . "')), lower('" . $host . "'), '" . $ip . "');";
$pgclient->exeq($q);
echo "Agregado correctamente [" . $out . "] ";
$pgclient->disconnect();
session_write_close();
if (!strlen($out) > 0) {
