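public function index()
{
    // Entry point for the crawl form. Reads $_POST['domain'], strips the scheme and any
    // trailing slashes, validates the host part with is_valid_domain_name(), then registers
    // the site through the crawl model and renders the 'statiq' view. On a missing or invalid
    // domain it stores flashdata ('error', 'domain') and redirects back to /home.
    $submitted = isset($_POST['domain']) ? trim($_POST['domain']) : '';

    if ($submitted === '') {
        $this->session->set_flashdata('error', 'Please make sure you enter a domain name');
        $this->session->set_flashdata('domain', $submitted);
        redirect("/home", "refresh");
        return; // redirect() normally exits; the return guards a non-exiting implementation
    }

    // Drop "http://" or "https://" (the original only handled http://) and trailing slashes.
    $url = preg_replace('#^https?://#i', '', $submitted);
    $url = rtrim($url, "/");

    // Anything after the first "/" is a sub-folder; only the host part is validated.
    // With no "/" present, $parts[0] is the whole $url.
    $parts = explode("/", $url);
    $domain = $parts[0];

    if (!is_valid_domain_name($domain)) {
        $this->session->set_flashdata('error', 'Please make sure you enter a valid domain name and the domain name has a valid IP address asigned to it.');
        $this->session->set_flashdata('domain', $submitted);
        redirect("/home", "refresh");
        return;
    }

    // $domain is now a crawlable domain name; the counter enforces a maximum of crawled URLs.
    $this->session->set_userdata('pageCounter', 1);
    $siteID = $this->crawlmodel->createSite($url);
    $this->data['siteID'] = $siteID;
    $this->data['page'] = "statiq";
    $this->load->view('statiq', $this->data);
}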
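function mailbox_delete_alias_domain($link, $postarray)
{
    // Deletes an alias domain. The caller must administer the alias's target domain or hold
    // the admin role. $link is the mysqli connection; $postarray is the submitted form and
    // 'alias_domain' is the only key read. The outcome is written to $_SESSION['return'] as
    // array('type' => ..., 'msg' => ...); returns true on success, false otherwise.
    global $logged_in_role;
    global $logged_in_as;

    $alias_domain = isset($postarray['alias_domain']) ? $postarray['alias_domain'] : '';

    // Validate before any query so malformed input never reaches the database.
    if (!is_valid_domain_name($alias_domain)) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Invalid domain name');
        return false;
    }

    // A row comes back when the alias's target is one of the caller's domains, or the caller
    // is admin. The original query had both conditions negated (NOT IN / !=), so as written it
    // returned a row for any existing alias whenever the caller was not admin; it also compared
    // the username against a fixed placeholder instead of the declared $logged_in_as global.
    // NOTE(review): confirm $logged_in_as and $logged_in_role hold the session identity here.
    $check = mysqli_prepare(
        $link,
        "SELECT target_domain FROM alias_domain WHERE alias_domain = ? AND (target_domain IN (SELECT domain FROM domain_admins WHERE username = ?) OR 'admin' = ?)"
    );
    if ($check === false) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL Error: ' . mysqli_error($link));
        return false;
    }
    mysqli_stmt_bind_param($check, 'sss', $alias_domain, $logged_in_as, $logged_in_role);
    $permitted = false;
    if (mysqli_stmt_execute($check)) {
        mysqli_stmt_store_result($check);
        $permitted = mysqli_stmt_num_rows($check) > 0;
    }
    mysqli_stmt_close($check);
    if (!$permitted) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Permission denied');
        return false;
    }

    $delete = mysqli_prepare($link, "DELETE FROM alias_domain WHERE alias_domain = ?");
    if ($delete === false) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL Error: ' . mysqli_error($link));
        return false;
    }
    mysqli_stmt_bind_param($delete, 's', $alias_domain);
    $deleted = mysqli_stmt_execute($delete);
    $deleteError = mysqli_stmt_error($delete); // read before close, the handle's error is lost afterwards
    mysqli_stmt_close($delete);
    if (!$deleted) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL Error: ' . $deleteError);
        return false;
    }

    $_SESSION['return'] = array('type' => 'success', 'msg' => 'Deleted alias domain ' . htmlspecialchars($alias_domain));
    return true;
}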
</div> </div> </div> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <button type="submit" name="trigger_mailbox_action" value="editdomainadmin" class="btn btn-success btn-sm">Submit</button> </div> </div> </form> <?php } else { echo 'Item not found or no permission.'; } } } elseif (isset($_GET['domain'])) { if (!is_valid_domain_name($_GET["domain"]) || empty($_GET["domain"])) { echo 'Incorrect form data'; } else { $domain = mysqli_real_escape_string($link, $_GET["domain"]); if (mysqli_fetch_array(mysqli_query($link, "SELECT domain FROM domain WHERE domain='{$domain}' AND ((domain IN (SELECT domain from domain_admins WHERE username='******') OR 'admin'='{$logged_in_role}'))"))) { $result = mysqli_fetch_assoc(mysqli_query($link, "SELECT * FROM domain WHERE domain='{$domain}'")); ?> <h4>Change settings for domain <strong><?php echo $domain; ?> </strong></h4> <form class="form-horizontal" role="form" method="post"> <input type="hidden" name="domain" value="<?php echo $domain; ?> ">
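function get_dns_records($type, $domains)
{
    // Looks up every whitespace-separated name in $domains for the record type chosen by the
    // radio button id $type and echoes one HTML <tr> per result (or per failure). Forward
    // lookups go through the global Net_DNS2 resolver $r; "REVERSE" uses gethostbyaddr().
    // Returns nothing; all output is echoed.
    global $r;

    // Radio button id -> DNS record type. An unrecognised id resolves to AAAA, which is what
    // the original switch's default branch produced.
    $typeByRadio = array(
        'radio1' => 'A',
        'radio2' => 'AAAA',
        'radio3' => 'CNAME',
        'radio4' => 'MX',
        'radio5' => 'NS',
        'radio6' => 'PTR',
        'radio7' => 'SPF',
        'radio8' => 'TXT',
        'radio9' => 'REVERSE',
    );
    $record_type = isset($typeByRadio[$type]) ? $typeByRadio[$type] : 'AAAA';

    // Names come from the form and record contents from whoever controls the queried zone
    // (TXT strings in particular), so everything placed in the table is escaped for HTML.
    // The original echoed both unescaped.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    // One table row for $name; $cells holds already-escaped contents, one <td class="record"> each.
    $row = function ($name, array $cells) use ($esc) {
        $html = "<tr><td>" . $esc($name) . "</td>";
        foreach ($cells as $cell) {
            $html .= "<td class=\"record\">" . $cell . "</td>";
        }
        return $html . "</tr>\r\n";
    };
    // A row whose single cell is a highlighted message instead of a record.
    $noRecord = function ($name, $message = 'No record available') use ($esc, $row) {
        return $row($name, array("<span class=\"norecord\">" . $esc($message) . "</span>"));
    };

    // PREG_SPLIT_NO_EMPTY drops the empty element leading/trailing whitespace would produce,
    // which the original reported as an invalid domain.
    $names = preg_split('/\s+/', $domains, -1, PREG_SPLIT_NO_EMPTY);
    foreach ($names as $data) {
        if (!is_valid_domain_name($data)) {
            echo $noRecord($data, 'Invalid domain name entered');
            continue;
        }

        if ($record_type === 'REVERSE') {
            if (filter_var($data, FILTER_VALIDATE_IP) === false) {
                echo $noRecord($data, 'Please enter a valid IPv4/v6 address');
                continue;
            }
            // gethostbyaddr() returns the address unchanged when no PTR exists, and false on error.
            $host = gethostbyaddr($data);
            if ($host === false || $host === $data) {
                echo $noRecord($data);
            } else {
                echo $row($data, array($esc($host)));
            }
            continue;
        }

        try {
            $record = $r->query($data, $record_type);
        } catch (Net_DNS2_Exception $e) {
            // The original built this row but never echoed it (the empty-answer check replaced
            // it with "No record available"); the resolver's reason is more useful.
            echo $noRecord($data, $e->getMessage());
            continue;
        }
        if (empty($record->answer)) {
            echo $noRecord($data);
            continue;
        }

        foreach ($record->answer as $dnsr) {
            // Each entry of $lines becomes one row; TXT/SPF answers may carry several strings.
            $lines = array();
            switch ($record_type) {
                case 'A':
                case 'AAAA':
                    if (isset($dnsr->address)) {
                        $lines[] = array($esc($dnsr->address));
                    } elseif (isset($dnsr->cname)) {
                        // Kept from the original: an answer carrying a cname instead of an address is shown as-is.
                        $lines[] = array($esc($dnsr->cname));
                    }
                    break;
                case 'CNAME':
                    if (isset($dnsr->cname)) {
                        $lines[] = array($esc($dnsr->cname));
                    }
                    break;
                case 'MX':
                    if (isset($dnsr->preference, $dnsr->exchange)) {
                        $lines[] = array($esc($dnsr->preference), $esc($dnsr->exchange));
                    }
                    break;
                case 'NS':
                    if (isset($dnsr->nsdname)) {
                        $lines[] = array($esc($dnsr->nsdname));
                    }
                    break;
                case 'PTR':
                    if (isset($dnsr->name, $dnsr->ptrdname)) {
                        $lines[] = array($esc($dnsr->name), $esc($dnsr->ptrdname));
                    }
                    break;
                case 'SPF':
                case 'TXT':
                    if (isset($dnsr->text)) {
                        foreach ($dnsr->text as $dnsrtext) {
                            $lines[] = array($esc($dnsrtext));
                        }
                    }
                    break;
            }
            if ($lines === array()) {
                echo $noRecord($data);
                continue;
            }
            foreach ($lines as $cells) {
                echo $row($data, $cells);
            }
        }
    }
}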
echo $lang['delete']['remove_button']; ?> </button> </div> </div> </form> <?php } else { ?> <div class="alert alert-info" role="alert"><?php echo $lang['info']['no_action']; ?> </div> <?php } } elseif (isset($_GET["aliasdomain"]) && is_valid_domain_name($_GET["aliasdomain"]) && !empty($_GET["aliasdomain"])) { $alias_domain = strtolower(trim($_GET["aliasdomain"])); try { $stmt = $pdo->prepare("SELECT `target_domain` FROM `alias_domain`\r\n\t\t\t\t\t\t\tWHERE `alias_domain`= :alias_domain"); $stmt->execute(array(':alias_domain' => $alias_domain)); $DomainData = $stmt->fetch(PDO::FETCH_ASSOC); } catch (PDOException $e) { $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL: ' . $e); } if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $DomainData['target_domain'])) { ?> <div class="alert alert-warning" role="alert"><?php echo sprintf($lang['delete']['remove_domainalias_warning'], htmlspecialchars($_GET["aliasdomain"])); ?> </div> <form class="form-horizontal" role="form" method="post" action="/mailbox.php">
pi_log("CORS skipped, unknown HTTP_ORIGIN"); //pi_log("CORS allowed: " . join(',', $AUTHORIZED_HOSTNAMES)); } // Otherwise probably same origin... out of the scope of CORS session_start(); // Check CSRF token // Credit: http://php.net/manual/en/function.hash-equals.php#119576 if (!function_exists('hash_equals')) { function hash_equals($known_string, $user_string) { $ret = 0; if (strlen($known_string) !== strlen($user_string)) { $user_string = $known_string; $ret = 1; } $res = $known_string ^ $user_string; for ($i = strlen($res) - 1; $i >= 0; --$i) { $ret |= ord($res[$i]); } return !$ret; } } if (!isset($_SESSION['token'], $_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) { log_and_die("Wrong token"); } if (isset($_POST['domain'])) { $validDomain = is_valid_domain_name($_POST['domain']); if (!$validDomain) { log_and_die($_POST['domain'] . ' is not a valid domain'); } }
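function mailbox_delete_alias_domain($link, $postarray)
{
    // Deletes an alias domain. The caller must be an active domain admin for that domain, or
    // hold the admin role in $_SESSION['mailcow_cc_role']. $link is the mysqli connection;
    // $postarray is the submitted form and 'alias_domain' is the only key read. The outcome is
    // written to $_SESSION['return'] as array('type' => ..., 'msg' => ...); returns true on
    // success, false otherwise.
    global $logged_in_as;

    $alias_domain = isset($postarray['alias_domain']) ? $postarray['alias_domain'] : '';
    $role = isset($_SESSION['mailcow_cc_role']) ? $_SESSION['mailcow_cc_role'] : '';

    // Validate before any query so malformed input never reaches the database.
    if (!is_valid_domain_name($alias_domain)) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Invalid domain name');
        return false;
    }

    // Permission check as a prepared statement; the original concatenated the role into the SQL
    // and compared the username against a fixed placeholder rather than the declared
    // $logged_in_as global. NOTE(review): confirm $logged_in_as is the session username here.
    $check = mysqli_prepare(
        $link,
        "SELECT `domain` FROM `domain_admins` WHERE (domain = ? AND active = '1' AND username = ?) OR 'admin' = ?"
    );
    if ($check === false) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL Error: ' . mysqli_error($link));
        return false;
    }
    mysqli_stmt_bind_param($check, 'sss', $alias_domain, $logged_in_as, $role);
    $permitted = false;
    if (mysqli_stmt_execute($check)) {
        mysqli_stmt_store_result($check);
        $permitted = mysqli_stmt_num_rows($check) > 0;
    }
    mysqli_stmt_close($check);
    if (!$permitted) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'Permission Denied');
        return false;
    }

    $delete = mysqli_prepare($link, "DELETE FROM alias_domain WHERE alias_domain = ?");
    if ($delete === false) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL Error: ' . mysqli_error($link));
        return false;
    }
    mysqli_stmt_bind_param($delete, 's', $alias_domain);
    $deleted = mysqli_stmt_execute($delete);
    $deleteError = mysqli_stmt_error($delete); // read before close, the handle's error is lost afterwards
    mysqli_stmt_close($delete);
    if (!$deleted) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL Error: ' . $deleteError);
        return false;
    }

    $_SESSION['return'] = array('type' => 'success', 'msg' => 'Deleted alias domain ' . htmlspecialchars($alias_domain));
    return true;
}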
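function add_domain_admin($postarray)
{
    // Creates a domain admin account: one `admin` row (superadmin = '0') plus one
    // `domain_admins` row per entry of $postarray['domain']. Only a caller whose session role
    // is "admin" may do this. Keys read from $postarray: username, password, password2,
    // domain (list), active (presence means '1'). The outcome is stored in $_SESSION['return']
    // as array('type' => ..., 'msg' => ...); returns true on success, false on any failure
    // (validation, duplicate username, or database error).
    global $lang;
    global $pdo;

    if (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] !== "admin") {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => $lang['danger']['access_denied']);
        return false;
    }

    $username = isset($postarray['username']) ? strtolower(trim($postarray['username'])) : '';
    $password = isset($postarray['password']) ? $postarray['password'] : '';
    $password2 = isset($postarray['password2']) ? $postarray['password2'] : '';
    $active = isset($postarray['active']) ? '1' : '0';
    $domains = empty($postarray['domain']) ? array() : (array) $postarray['domain'];

    if ($domains === array()) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => $lang['danger']['domain_invalid']);
        return false;
    }
    // Usernames are limited to alphanumerics plus '_', '.' and '-'.
    if ($username === '' || !ctype_alnum(str_replace(array('_', '.', '-'), '', $username))) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => $lang['danger']['username_invalid']);
        return false;
    }
    // Validate every domain before any write; the original inserted rows while still
    // iterating, so a bad later entry left a half-created admin behind.
    foreach ($domains as $domain) {
        if (!is_valid_domain_name($domain)) {
            $_SESSION['return'] = array('type' => 'danger', 'msg' => $lang['danger']['domain_invalid']);
            return false;
        }
    }
    // Strict '' checks: the original's empty() also rejected the password "0".
    if ($password === '' || $password2 === '') {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => $lang['danger']['password_empty']);
        return false;
    }
    if ($password !== $password2) {
        $_SESSION['return'] = array('type' => 'danger', 'msg' => $lang['danger']['password_mismatch']);
        return false;
    }

    try {
        // The username must be unique across mailboxes, admins and domain admins.
        $lookups = array(
            "SELECT `username` FROM `mailbox` WHERE `username` = :username",
            "SELECT `username` FROM `admin` WHERE `username` = :username",
            "SELECT `username` FROM `domain_admins` WHERE `username` = :username",
        );
        foreach ($lookups as $sql) {
            $stmt = $pdo->prepare($sql);
            $stmt->execute(array(':username' => $username));
            if ($stmt->fetch(PDO::FETCH_ASSOC) !== false) {
                $_SESSION['return'] = array('type' => 'danger', 'msg' => sprintf($lang['danger']['object_exists'], htmlspecialchars($username)));
                return false;
            }
        }

        $password_hashed = hash_password($password);
        $now = date('Y-m-d H:i:s');

        // Both tables are written in one transaction so a failure leaves no orphaned rows.
        $pdo->beginTransaction();
        $stmt = $pdo->prepare("INSERT INTO `admin` (`username`, `password`, `superadmin`, `created`, `modified`, `active`) VALUES (:username, :password_hashed, '0', :created, :modified, :active)");
        $stmt->execute(array(
            ':username' => $username,
            ':password_hashed' => $password_hashed,
            ':created' => $now,
            ':modified' => $now,
            ':active' => $active,
        ));
        $stmt = $pdo->prepare("INSERT INTO `domain_admins` (`username`, `domain`, `created`, `active`) VALUES (:username, :domain, :created, :active)");
        foreach ($domains as $domain) {
            $stmt->execute(array(
                ':username' => $username,
                ':domain' => $domain,
                ':created' => $now,
                ':active' => $active,
            ));
        }
        $pdo->commit();
    } catch (PDOException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        // getMessage() rather than the whole exception: __toString() includes a stack trace.
        $_SESSION['return'] = array('type' => 'danger', 'msg' => 'MySQL: ' . $e->getMessage());
        return false;
    }

    $_SESSION['return'] = array('type' => 'success', 'msg' => sprintf($lang['success']['domain_admin_added'], htmlspecialchars($username)));
    return true;
}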
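function addSubDomain()
{
    // Adds a subdomain under the active domain: inserts a row into the subdomains table, queues
    // the daemon operations that create its directory and resync domains, then reports the
    // outcome. When no subdomain was submitted it renders the input form instead. Returns the
    // success flag (true when nothing was attempted) or the error-text result of a failed
    // validation.
    global $subdomain, $domainname;
    $this->getVariable(array('subdomain', "domainname"));
    $domainname = $this->chooseDomain(__FUNCTION__, $domainname);
    $success = true;

    if ($subdomain) {
        if (!is_valid_domain_name($subdomain)) {
            return $this->error_text_tr("domain_format_wrong");
        }
        $table = $this->conf['subdomainstable']['tablename'];
        $count = $this->recordcount($table, "domainname='{$domainname}' and subdomain='{$subdomain}'");
        # todo: this should be moved to existscontrol
        if ($count > 0) {
            return $this->errorText("subdomain already exists.");
        }

        $domaininfo = $this->domaininfo = $this->getDomainInfo($domainname);
        $homedir = $domaininfo['homedir'] . "/httpdocs/subdomains/{$subdomain}";
        $webserverips = $domaininfo['webserverips'];

        // NOTE(review): values are interpolated straight into SQL. $subdomain passed
        // is_valid_domain_name() and $domainname came from chooseDomain(), but executeQuery()
        // shows no placeholder support here — confirm those helpers reject quote characters.
        $qu = "insert into " . $table . " (panelusername,subdomain,domainname,homedir,webserverips)values('{$this->activeuser}','{$subdomain}','{$domainname}','{$homedir}','{$webserverips}')";
        $opname = null; // was an undefined variable in the original call
        $success = $success && $this->executeQuery($qu, $opname);
        $success = $success && $this->add_daemon_op(array(
            'op' => 'daemondomain',
            'action' => 'addsubdomain',
            'info' => $subdomain,
            'info2' => $domainname,
            'info3' => $homedir,
        ));
        $success = $success && $this->addDaemonOp("syncdomains", 'xx', $domainname, '', 'sync domains');

        if ($success) {
            // Escaped for HTML attribute/text context before being appended to the page.
            $sub1 = htmlspecialchars("http://" . $subdomain . "." . $domainname, ENT_QUOTES, 'UTF-8');
            $sub2 = htmlspecialchars("http://www." . $subdomain . "." . $domainname, ENT_QUOTES, 'UTF-8');
            $this->output .= "<br>You may access <a target=_blank href='{$sub1}'>{$sub1}</a> and <a target=_blank href='{$sub2}'>{$sub2}</a> in a few seconds..<br>";
        }
        $this->ok_err_text($success, "Add subdomain success", "Error adding subdomain");
    } else {
        $inputparams = array(array('subdomain', 'righttext' => ".{$domainname}"));
        $this->output .= "Enter subdomain here: <br>(additionally, www. automatically will be added in front of subdomain)" . inputform5($inputparams);
    }

    $this->showSimilarFunctions('subdomainsDirs');
    return $success;
}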
$password = htmlspecialchars($_POST['pword']); $confirm_password = htmlspecialchars($_POST['confirmpword']); $opac_server_name = htmlspecialchars($_POST['opacname']); $intra_server_name = htmlspecialchars($_POST['intraname']); } # Check validity of the parameters. if ($password !== $confirm_password && $respond == null) { $respond = "Mismatching passwords"; } if (!filter_var($email, FILTER_VALIDATE_EMAIL) && $respond == null) { $respond = "Invalid email address"; } if (!is_valid_domain_name($opac_server_name) && $respond == null) { $respond = "Invalid OPAC server name"; } if (!is_valid_domain_name($intra_server_name) && $respond == null) { $respond = "Invalid intranet server name"; } # If all of the parameters are valid, continue to send the request. if ($respond == null) { try { $mysqli = new mysqli(HOSTNAME, USERNAME, PASSWORD, DATABASE); ## # Register the Koha site with the registration database. ## if (!($statement = $mysqli->prepare("CALL add_koha_site(?, ?, ?, ?, ?, ?)"))) { throw new Exception("Unable to prepare SQL statement for adding the Koha site (" . $mysqli->errno . "): " . $mysqli->error); } if (!$statement->bind_param("ssssss", $first_name, $surname, $email, $password, $opac_server_name, $intra_server_name)) { throw new Exception("Unable to bind parameters to the statement for adding the Koha site (" . $statement->errno . "): " . $statement->error); }