$content .= '<tr><td><a href="' . $_SERVER["PHP_SELF"] . $link . '&zonename=' . $newzone->zonename . '&zonetype=' . $newzone->zonetype . '" class="linkcolor">' . $newzone->zonename . '</a> (' . $newzone->zonetype . ')</tr></td> '; } $content .= ' </table></div> '; } else { $content = $user->error; } } else { // zonename is set ==> confirm & delete $zone = new Zone($zonename, $zonetype); if ($zone->error) { $content = sprintf($html->string_error, $zone->error); } else { if (!$config->usergroups && $zone->RetrieveUser() != $user->userid || $config->usergroups && $zone->RetrieveUser() != $group->groupid) { $content = sprintf($html->string_error, sprintf($l['str_you_can_not_manage_delete_zone_x_x'], $zone->zonename, $zone->zonetype)); } else { if (isset($_REQUEST) && !isset($_REQUEST['confirm']) || !isset($_REQUEST) && !isset($confirm)) { // ==> print confirm screen $content = ' <div class="boxheader">' . $l['str_confirmation'] . '</div>'; if ($zone->zonetype == 'P') { $tempzonetype = $l['str_primary']; } else { $tempzonetype = $l['str_secondary']; } $content .= sprintf($l['str_do_you_confirm_zone_deletion_x_x_from_x'], $zone->zonename, $tempzonetype, $config->sitename) . ' <div align="center"> <form action="' . $_SERVER["PHP_SELF"] . '" method="POST"> ' . $hiddenfields . '
$zonename = $_REQUEST['zonename']; } $zonename = addslashes($zonename); if (isset($_REQUEST) && empty($_REQUEST['zonetype']) || !isset($_REQUEST) && empty($zonetype)) { $content .= sprintf($html->string_error, $l['str_you_did_not_specify_zonetype']); $localerror = 1; } else { if (isset($_REQUEST)) { $zonetype = $_REQUEST['zonetype']; } $zonetype = addslashes($zonetype); $zone = new Zone($zonename, $zonetype); if (!empty($zone->error)) { $content .= sprintf($html->string_error, $zone->error); } else { $userid = $zone->RetrieveUser(); } } } else { // nothing entered $content .= sprintf($html->string_error, $l['str_you_did_not_enter_login_nor_zonename']); $localerror = 1; } } } } print $html->box('mainbox', $title, $content); if (file_exists("includes/right_side.php")) { include "includes/right_side.php"; } else { include "includes/right_side_default.php";
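// Zone "dig" pop-up: shows the output of zoneDig() for a zone the
// authenticated user is allowed to manage, then closes the light page frame.

// Handle an explicit logout request before anything is rendered.
if (isset($_REQUEST['logout']) && $_REQUEST['logout'] || isset($logout) && $logout) {
    $user->logout($idsession);
}

// Query string carried by links on this page (language + optional session id).
$link = "?language=" . $lang;
if (!empty($idsession)) {
    $link .= "&idsession=" . $idsession;
}

if ($user->error) {
    printf($html->string_error, $user->error);
}

if ($user->authenticated == 1) {
    if (isset($_REQUEST)) {
        $zonename = $_REQUEST['zonename'];
        $zonetype = $_REQUEST['zonetype'];
        $server = $_REQUEST['server'];
    }

    $zone = new Zone($zonename, $zonetype);
    if ($zone->error) {
        printf($html->string_error, $zone->error);
    } else {
        // Ownership check. The zone owner must match the user id when user
        // groups are disabled, or the group id when they are enabled.
        // The previous condition,
        //   owner != userid && (usergroups && owner != groupid)
        // could never be true with user groups disabled, so every
        // authenticated account passed the check for every zone.
        $owner = $zone->RetrieveUser();
        $notOwner = (!$config->usergroups && $owner != $user->userid)
            || ($config->usergroups && $owner != $group->groupid);

        if ($notOwner) {
            printf($html->string_error, $l['str_you_dont_own_this_zone']);
        } else {
            // NOTE(review): $server comes straight from the request and is
            // handed to zoneDig(), which is not visible here. Confirm that
            // zoneDig() restricts it to the zone's configured name servers
            // and escapes it before any external command is run.
            // NOTE(review): zoneDig() receives the raw request $zonename
            // rather than $zone->zonename; confirm both are equivalent.
            $title = sprintf($l['str_zone_content_for_x_on_server_x'], $zone->zonename, xssafe($server));
            $content = sprintf("\n<pre>%s</pre>", xssafe(zoneDig($server, $zonename)));
            print $html->box('digwindow', $title, $content);
        }
    }
}

// print close "window"
print $html->footerlight();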
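/**
 * XML-RPC service to update A (and AAAA) records.
 *
 * The request for this service is a structure containing:
 *
 *  - user: the user name
 *  - password: his password
 *  - zone: the name of the zone (always opened as a primary, type "P")
 *  - name: the name of the A record(s)
 *  - oldaddress (optional): the address of the record to delete, or a
 *        wildcard: "*" deletes all A records for the given name; "*.*"
 *        and "*:*" call deleteMultipleARecords() with type "A" and
 *        "AAAA" respectively.
 *  - newaddress (optional): the address of the record to add. The literal
 *        "<dynamic>" is replaced by the caller's REMOTE_ADDR. An address
 *        containing ":" is added with addAAAARecord(), any other with
 *        addARecord().
 *  - ttl (optional): the TTL of the record to add ("-1" is passed on
 *        when it is missing or zero).
 *
 * Inserts can be performed by leaving "oldaddress" empty.
 * Deletes can be performed by leaving "newaddress" empty.
 * Updates are performed by giving both old and new addresses.
 *
 * On success the response is a structure with the keys "zone", "serial",
 * "name", "addresses" and "ttl". Every failure is returned as a fault
 * carrying the code $xmlrpcerruser.
 *
 * @access public
 * @param object $m XML-RPC message; its first parameter is the request structure
 * @return xmlrpcresp XML-RPC answer
 */
function updateArecord($m) {
    global $xmlrpcerruser, $stateNames;
    global $db, $dbauth, $user, $config;

    // The password travels in the request body, so plain HTTP is refused.
    // isset() avoids an undefined-index notice when the server does not
    // define HTTPS at all.
    if (!isset($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
        return new xmlrpcresp(0, $xmlrpcerruser, "non-https modifications disabled " . "(also, now you have to change your password)");
    }

    $res = "";
    $modified = 0;
    $req = php_xmlrpc_decode($m->getParam(0));

    // Reject malformed requests before any field is dereferenced; a
    // non-struct payload or a missing mandatory member would otherwise
    // reach the authentication and delete calls as NULL.
    if (!is_array($req)) {
        return new xmlrpcresp(0, $xmlrpcerruser, "invalid request: structure expected");
    }
    foreach (array("user", "password", "zone", "name") as $field) {
        if (!isset($req[$field])) {
            return new xmlrpcresp(0, $xmlrpcerruser, "invalid request: missing " . $field);
        }
    }

    $db = new Db();
    if ($config->userdbname) {
        $dbauth = new DbAuth();
    } else {
        $dbauth = $db;
    }

    $user = new User($req["user"], $req["password"], NULL);
    if ($user->authenticated == 0) {
        // Second attempt with the fourth constructor argument set; what
        // that argument selects is not visible in this function.
        $user = new User($req["user"], $req["password"], NULL, 1);
    }
    if ($user->authenticated == 0) {
        return new xmlrpcresp(0, $xmlrpcerruser, "authentication refused");
    } elseif ($user->authenticated >= 2) {
        return new xmlrpcresp(0, $xmlrpcerruser, "you have to migrate first");
    }

    $zonename = $req["zone"];
    $zonetype = "P";
    $zone = new Zone($zonename, $zonetype);
    $zone->isErroneous();
    if ($zone->error) {
        return new xmlrpcresp(0, $xmlrpcerruser, $zone->error);
    }

    if ($config->usergroups) {
        include 'libs/group.php';
        $group = new Group($user->userid);
        if ($config->userlogs) {
            include 'libs/userlogs.php';
            $userlogs = new UserLogs($group->groupid, $user->userid);
        }
    }

    // Authorisation: the zone owner must be the user (no groups) or the
    // user's group (groups enabled).
    $owner = $zone->RetrieveUser();
    if ((!$config->usergroups && $owner != $user->userid)
        || ($config->usergroups && $owner != $group->groupid)) {
        return new xmlrpcresp(0, $xmlrpcerruser, "You can not manage zone " . $zone->zonename);
    }

    $currentzone = new Primary($zone->zonename, $zone->zonetype, $user);

    // "<dynamic>" means "use the address this request came from".
    // REMOTE_ADDR is the peer of the TCP connection, not a client-supplied
    // header.
    if (!empty($req["newaddress"]) && $req["newaddress"] == "<dynamic>") {
        $req["newaddress"] = $_SERVER["REMOTE_ADDR"];
    }

    // "ttl" is optional; read it once without an undefined-index notice.
    $ttl = isset($req["ttl"]) ? intval($req["ttl"]) : 0;
    if (empty($ttl)) {
        $ttl = "-1";
    }

    // NOTE(review): mysql_real_escape_string() was removed in PHP 7.0 and
    // escaping at the call site only helps if the callee builds its SQL from
    // this exact string. deleteMultipleARecords() below receives the raw
    // name; confirm it escapes internally.
    if (!empty($req["oldaddress"])) {
        if (!empty($req["newaddress"])) {
            # skip changes if newaddress is the same we already have
            $currentzone->getARecords($addarr, mysql_real_escape_string($req["name"]));
            if (count($addarr) == 1 && in_array($req["newaddress"], $addarr)) {
                $ret = array(
                    "zone" => $req["zone"],
                    "serial" => $currentzone->serial,
                    "name" => $req["name"],
                    "addresses" => $addarr,
                    "ttl" => $ttl
                );
                return new xmlrpcresp(php_xmlrpc_encode($ret));
            }
        }

        $modified = 1;
        if ($req["oldaddress"] == "*") {
            $currentzone->deleteMultipleARecords($req["name"]);
        } elseif ($req["oldaddress"] == "*.*") {
            $currentzone->deleteMultipleARecords($req["name"], "A");
        } elseif ($req["oldaddress"] == "*:*") {
            $currentzone->deleteMultipleARecords($req["name"], "AAAA");
        } else {
            // Record selector in the form "<type>(<name>/<address>)"; a ":"
            // in the address selects the AAAA form.
            $tmpname = sprintf(
                "%s(%s/%s)",
                preg_match('/:/', $req["oldaddress"]) ? "aaaa" : "a",
                mysql_real_escape_string($req["name"]),
                mysql_real_escape_string($req["oldaddress"])
            );
            $currentzone->Delete(array($tmpname), 0, 0);
        }
        if ($currentzone->error) {
            return new xmlrpcresp(0, $xmlrpcerruser, $currentzone->error);
        }
    }

    // NOTE(review): the key is spelled "updatereveverse" while the variable
    // is $updatereverse; confirm which spelling clients are expected to send.
    $updatereverse = !empty($req["updatereveverse"]);

    if (!empty($req["newaddress"])) {
        $modified = 1;
        // $fn only ever holds one of these two fixed method names.
        if (preg_match('/:/', $req["newaddress"])) {
            $fn = "addAAAARecord";
        } else {
            $fn = "addARecord";
        }
        $res = $currentzone->{$fn}(
            $zone->zoneid,
            array(mysql_real_escape_string($req["newaddress"])),
            array(mysql_real_escape_string($req["name"])),
            array($ttl),
            $updatereverse
        );
        if ($currentzone->error) {
            return new xmlrpcresp(0, $xmlrpcerruser, $res);
        }
    }

    // Validate the generated zone file with the configured checker binary.
    // The zone name traces back to the request's "zone" member and the
    // classes that carry it are not visible here, so both arguments are
    // quoted with escapeshellarg() before the command line reaches the
    // shell. The binary path comes from site configuration and is left
    // as is.
    $currentzone->generateConfigFile();
    $checker = sprintf(
        "%s %s %s",
        $config->binnamedcheckzone,
        escapeshellarg($currentzone->zonename),
        escapeshellarg($currentzone->tempZoneFile())
    );
    $check = shell_exec($checker);
    unlink($currentzone->tempZoneFile());
    if (!preg_match("/OK/", $check)) {
        // NOTE(review): this returns the full command line, including the
        // checker path and the temporary file path, to the remote caller;
        // consider logging it server-side instead.
        return new xmlrpcresp(0, $xmlrpcerruser, "Check error: " . $checker);
    }

    if ($modified) {
        $currentzone->flagModified($currentzone->zoneid);
        $currentzone->updateSerial($currentzone->zoneid);
        if ($currentzone->error) {
            return new xmlrpcresp(0, $xmlrpcerruser, "DB error: " . $currentzone->error);
        }
    }

    // Report the resulting record set; getArecords() receives
    // $ret["addresses"] as its output argument.
    $ret = array(
        "zone" => $req["zone"],
        "serial" => $currentzone->serial,
        "name" => $req["name"],
        "addresses" => NULL,
        "ttl" => $ttl
    );
    $currentzone->getArecords($ret["addresses"], mysql_real_escape_string($req["name"]));
    if ($currentzone->error) {
        return new xmlrpcresp(0, $xmlrpcerruser, $currentzone->error);
    }
    return new xmlrpcresp(php_xmlrpc_encode($ret));
}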