if (!isset($_POST["op"]) || !isset($_POST["np"]) || !isset($_POST["cp"])) { echo "<div class'err'>Rellene todos los datos</div>"; exit(1); } $rq_opass = base64_decode($_POST["op"]); $rq_npass = base64_decode($_POST["np"]); $rq_cpass = base64_decode($_POST["cp"]); if ($rq_npass != $rq_cpass) { echo "<div class='err'>La confirmacion no coincide</div>"; exit(2); } if (strlen($rq_opass) < MIN_PASS_LENGTH || strlen($rq_npass) < MIN_PASS_LENGTH || strlen($rq_cpass) < MIN_PASS_LENGTH) { echo "<div class='err'>No cumple las longitudes mínimas</div>"; exit(2); } $pgclient = new PgClient($db_config); $opass = hash("sha512", $salt . $rq_opass); $npass = hash("sha512", $salt . $rq_npass); $cpass = hash("sha512", $salt . $rq_cpass); $pgclient->connect() or die("<div class='err'>Woooops, culpa nuestra, contacte con el administrador</div>"); $q = "Select * from usuarios where lower(mail)=lower('" . $_SESSION["email"] . "') and pass='******';"; $r = pg_fetch_object($pgclient->exeq($q)); if ($pgclient->lq_nresults() == 0) { // USER NON EXISTENT OR PASSWORD ERROR echo "<div class='err'>Los datos introducidos no son correctos</div>"; exit(3); } $q = "Update usuarios set pass='******' where lower(mail)=lower('" . $_SESSION["email"] . "');"; $pgclient->exeq($q); $pgclient->disconnect(); session_write_close();
session_write_close(); header("Location: /?lang=es"); exit(1); } $lan = $_SESSION["lan"]; session_write_close(); if (!isset($_POST["u"])) { echo $text[$lan]["err1"]; exit(1); } if (strlen($_POST["u"]) < MIN_USER_LENGTH) { echo $text[$lan]["err2"]; exit(2); } $salt = "as!09**31sfSAFasfaNYGFB"; $pgclient = new PgClient($db_config); $strenght = 4; $user = $pgclient->prepare($_POST["u"], "email"); $hash = hash("sha256", $salt . openssl_random_pseudo_bytes($strenght) . rand()); $pgclient->connect() or die($text[$lan]["dberror"]); $q = "Select * from usuarios where lower(mail)=lower('" . $user . "');"; $r = pg_fetch_object($pgclient->exeq($q)); if ($pgclient->lq_nresults() == 0) { // USER NON EXISTENT OR PASSWORD ERROR echo $text[$lan]["err3"]; exit(3); } /* ----------------------------- */ /* CASTELLANO */ $text["es"]["subject"] = "Recuperar acceso a CODDNS"; $text["es"]["mailbody"] = "\n<h3>Hola!</h3>\n<p>Hemos recibido una solicitud de cambio de contraseña desde " . _ip() . "</p>\n<p>Si no has iniciado ninguna acción no es necesario que hagas nada.</p>\n<p>En caso de que realmente quieras cambiar tus datos de acceso, por favor, sigue el siguiente enlace:</p>\n<a href='http://" . $config["domainname"] . "/?z=newpassword&token=" . $hash . "'>Cambiar mi contraseña</a>\n<p> Si el enlace no funciona copia el siguiente texto en el navegador para acceder.</p>\nhttp://" . $config["domainname"] . "/?z=newpassword&token=" . $hash . "\n<p>Gracias!</p>\n<p>Saludos,</p>\n<p>CODDNS</p>\n";
<li> <label></label> <input type="submit" value="<?php echo $text[$lan]["f_add"]; ?> "/> </li> </ul> </form> </section> <div id="myhosts"> <?php $pgclient = new PgClient($db_config); $pgclient->connect() or die($text[$lan]["dberror"]); $q = "select tag, ip from hosts where oid=(select id from usuarios where mail='" . $_SESSION["email"] . "');"; $r = $pgclient->exeq($q); ?> <h3><?php echo $text[$lan]["ht_htitle"]; ?> </h3> <form id="change" action="<?php echo $config["html_root"]; ?> /?z=mod" method="POST"> <input type="hidden" id="edith" name="edith" required/> <input type="hidden" id="editip" name="editip" required/> </form>
/* DEUTSCH */ if (!isset($_POST["u"]) || !isset($_POST["p"]) || !isset($_POST["cp"]) || !isset($_POST["t"])) { echo $text[$lan]["err1"]; exit(1); } $rq_npass = base64_decode($_POST["p"]); $rq_cpass = base64_decode($_POST["cp"]); if (strlen($_POST["u"]) < MIN_USER_LENGTH || strlen($rq_npass) < MIN_PASS_LENGTH || strlen($rq_cpass) < MIN_PASS_LENGTH) { echo $text[$lan]["err2"]; exit(2); } if ($_POST["p"] != $_POST["cp"]) { echo $text[$lan]["err3"]; exit(3); } $pgclient = new PgClient($db_config); $user = $pgclient->prepare($_POST["u"], "email"); $pass = hash("sha512", $salt . $rq_npass); $token = $pgclient->prepare($_POST["t"], "text"); $pgclient->connect() or die($text[$lan]["dberror"]); $q = "Select * from usuarios where lower(mail)=lower('" . $user . "') and hash='" . $token . "' and now() < max_time_valid_hash;"; $pgclient->exeq($q); if ($pgclient->lq_nresults() == 0) { // No results, no valid hash echo $text[$lan]["err4"]; exit(4); } $q = "update usuarios set pass='******' where lower(mail)=lower('" . $user . "');"; $pgclient->exeq($q); $q = "update usuarios set hash='' where lower(mail)=lower('" . $user . "');"; $pgclient->exeq($q);
exit(1); } if (!isset($_POST["edith"]) || !isset($_POST["nip"])) { echo "Rellene todos los datos"; exit(1); } if (strlen($_POST["edith"]) < LENGTH_HOST_MIN || strlen($_POST["nip"]) < 7) { echo "Rellene todos los datos y respete las longitudes máximas."; exit(1); } $check = ip2long($_POST["nip"]); if ($check < 0 || $check == FALSE) { echo "La dirección IP no es válida"; exit(2); } $pgclient = new PgClient($db_config); $pgclient->connect() or die("ERR"); $host = strtok($_POST["edith"], "."); $main = strtok("."); $dom = strtok("."); $check = $config["domainname"]; $checkm = strtok($check, "."); $checkd = strtok("."); if ($main != $checkm || $dom != $checkd || strlen($host) < LENGTH_HOST_MIN || strlen($host) > LENGTH_HOST_MAX) { die("ERR: nombre de host no valido"); } $host = $pgclient->prepare($host, "letters") . "." . $config["domainname"]; $ip = $_POST["nip"]; // UPDATE ONLY AN EXISTENT HOST $q = "select count(tag) from hosts where lower(tag)=lower('" . $host . "') and oid=(select id from usuarios where lower(mail)=lower('" . $pgclient->prepare($_SESSION["email"], "email") . "'));"; $pgclient->exeq($q);
<?php require_once "include/config.php"; require_once "lib/pgclient.php"; defined("LENGTH_HOST_MIN") or define("LENGTH_HOST_MIN", 1); defined("LENGTH_HOST_MAX") or define("LENGTH_HOST_MAX", 200); // devuelve la disponibilidad o no de una etiqueta host para un subdominio dado if (!isset($_POST["h"])) { header("Location: /"); exit(1); } $pgclient = new PgClient($db_config); $pgclient->connect() or die("ERR"); $host = $pgclient->prepare($_POST["h"], "letters"); if (strlen($host) < LENGTH_HOST_MIN || strlen($host) > LENGTH_HOST_MAX || !preg_match('/^[a-zA-Z]+([0-9]*[a-zA-Z]*)*$/', $_POST["h"])) { die("<div class='r err'>No cumple los requisitos</div>"); } $q = "select * from hosts where lower(tag)=lower('" . $host . "." . $config["domainname"] . "');"; $pgclient->exeq($q); if ($pgclient->lq_nresults() > 0) { echo "<div class='r err'>No disponible</div>"; } else { echo "<div class='r ok'>Disponible</div>"; } $pgclient->disconnect(); ?>
<?php require_once "include/config.php"; require_once "lib/ipv4.php"; require_once "lib/pgclient.php"; defined("LENGTH_USER_MIN") or define("LENGTH_USER_MIN", 2); defined("LENGTH_PASS_MIN") or define("LENGTH_PASS_MIN", 2); defined("LENGTH_HOST_MIN") or define("LENGTH_HOST_MIN", 1); defined("LENGTH_HOST_MAX") or define("LENGTH_HOST_MAX", 200); if (!isset($_POST["u"]) || !isset($_POST["p"]) || !isset($_POST["h"])) { die("ERR"); } if (strlen($_POST["u"]) < LENGTH_USER_MIN || strlen($_POST["p"]) < LENGTH_PASS_MIN || strlen($_POST["h"]) < LENGTH_HOST_MIN) { die("ERR"); } $pgclient = new PgClient($db_config); $pgclient->connect() or die("ERR"); $user = $pgclient->prepare($_POST["u"], "email"); $rq_pass = base64_decode($_POST["p"]); $pass = hash("sha512", $salt . $rq_pass); $host = strtok($_POST["h"], "."); $main = strtok("."); $dom = strtok("."); $check = $config["domainname"]; $checkm = strtok($check, "."); $checkd = strtok("."); if ($main != $checkm || $dom != $checkd || strlen($host) < LENGTH_HOST_MIN || strlen($host) > LENGTH_HOST_MAX) { die("ERR: nombre de host no valido"); } $host = $pgclient->prepare($host, "letters") . "." . $config["domainname"]; $q = "select * from usuarios where mail='" . $user . "' and pass='******';";
<title>Eliminar un host</title> <meta charset="UTF-8"> <style type="text/css"> </style> </head> <body> <?php if (!isset($_SESSION["email"])) { header("Location: " . $config["html_root"]); exit(1); } if (!isset($_POST["delh"])) { die("woops..."); } $pgclient = new PgClient($db_config); $pgclient->connect() or die("ERR"); $host = strtok($_POST["delh"], "."); $host = $pgclient->prepare($host, "letters") . "." . $config["domainname"]; $q = "delete from hosts where oid=(select id from usuarios where lower(mail)=lower('" . $_SESSION["email"] . "')) and lower(tag)=lower('" . $host . "');"; $pgclient->exeq($q); // LAUNCH DNS UPDATER $out = shell_exec("dnsmgr d " . $host . " A"); $pgclient->disconnect(); echo "<div><p>Se ha eliminado " . $host . " correctamente<p><a href='" . $config["html_root"] . "/'>Volver</a></div>"; session_write_close(); ?> </body> </html>