From d87f76019fc231ec20d95126a7fee0487e7be5f0 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 14 Aug 2012 10:56:20 -0400
Subject: [PATCH] - Added new web folder named private to web folder layout. The folder is intended to store data that shall not be visible in the web directory, it is owned by the user of the web. - Changed ownership of web root directory to root user in all security modes to prevent symlink attacks. - Apache log files are now owned by user root. - Improved functions in system library.
---
interface/web/dns/dns_soa_edit.php | 197 +++++++++++++++++++++++++++++++++++++------------
1 files changed, 149 insertions(+), 48 deletions(-)
diff --git a/interface/web/dns/dns_soa_edit.php b/interface/web/dns/dns_soa_edit.php
index f78e9aa..48c4b25 100644
--- a/interface/web/dns/dns_soa_edit.php
+++ b/interface/web/dns/dns_soa_edit.php
@@ -1,4 +1,5 @@
<?php
+
/*
Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.
@@ -27,7 +28,6 @@
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-
/******************************************
* Begin Form configuration
******************************************/
@@ -41,34 +41,35 @@
require_once('../../lib/config.inc.php');
require_once('../../lib/app.inc.php');
-// Checking module permissions
-if(!stristr($_SESSION["s"]["user"]["modules"],'dns')) {
- header("Location: ../index.php");
- exit;
-}
+//* Check permissions for module
+$app->auth->check_module_permissions('dns');
// Loading classes
-$app->uses('tpl,tform,tform_actions');
+$app->uses('tpl,tform,tform_actions,validate_dns');
$app->load('tform_actions');
class page_action extends tform_actions {
+
+ function onShow() {
+ global $app;
+ //* Reset the page number of the list form for the dns
+ //* records to 0 if we are on the first tab of the soa form.
+ if($app->tform->getNextTab() == 'dns_soa') {
+ $_SESSION['search']['dns_a']['page'] = 0;
+ }
+ parent::onShow();
+ }
function onShowNew() {
global $app, $conf;
// we will check only users, not admins
if($_SESSION["s"]["user"]["typ"] == 'user') {
-
- // Get the limits of the client
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT limit_dns_zone FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
- // Check if the user may add another maildomain.
- if($client["limit_dns_zone"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE sys_groupid = $client_group_id");
- if($tmp["number"] >= $client["limit_dns_zone"]) {
- $app->error($app->tform->wordbook["limit_dns_zone_txt"]);
- }
+ if(!$app->tform->checkClientLimit('limit_dns_zone')) {
+ $app->error($app->tform->wordbook["limit_dns_zone_txt"]);
+ }
+ if(!$app->tform->checkResellerLimit('limit_dns_zone')) {
+ $app->error('Reseller: '.$app->tform->wordbook["limit_dns_zone_txt"]);
}
}
@@ -81,16 +82,46 @@
// If user is admin, we will allow him to select to whom this record belongs
if($_SESSION["s"]["user"]["typ"] == 'admin') {
// Getting Domains of the user
- $sql = "SELECT groupid, name FROM sys_group WHERE client_id > 0";
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(client.company_name,' :: ',client.contact_name) as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND sys_group.client_id > 0 ORDER BY sys_group.name";
$clients = $app->db->queryAllRecords($sql);
- $client_select = "<option value='0'></option>";
+ $client_select = '';
+ if($_SESSION["s"]["user"]["typ"] == 'admin') $client_select .= "<option value='0'></option>";
+ //$tmp_data_record = $app->tform->getDataRecord($this->id);
if(is_array($clients)) {
foreach( $clients as $client) {
- $selected = ($client["groupid"] == $this->dataRecord["sys_groupid"])?'SELECTED':'';
- $client_select .= "<option value='$client[groupid]' $selected>$client[name]</option>\r\n";
+ $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
+ $client_select .= "<option value='$client[groupid]' $selected>$client[name] :: $client[contactname]</option>\r\n";
}
}
$app->tpl->setVar("client_group_id",$client_select);
+ } else if($app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+
+ // Get the limits of the client
+ $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, CONCAT(client.company_name,' :: ',client.contact_name) as contactname, sys_group.name FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+
+ // Fill the client select field
+ $sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(client.company_name,' :: ',client.contact_name) as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
+ $clients = $app->db->queryAllRecords($sql);
+ $tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
+ $client_select = '<option value="'.$tmp['groupid'].'">'.$client['name'].' :: '.$client['contactname'].'</option>';
+ //$tmp_data_record = $app->tform->getDataRecord($this->id);
+ if(is_array($clients)) {
+ foreach( $clients as $client) {
+ $selected = @(is_array($this->dataRecord) && ($client["groupid"] == $this->dataRecord['client_group_id'] || $client["groupid"] == $this->dataRecord['sys_groupid']))?'SELECTED':'';
+ $client_select .= "<option value='$client[groupid]' $selected>$client[name] :: $client[contactname]</option>\r\n";
+ }
+ }
+ $app->tpl->setVar("client_group_id",$client_select);
+
+ }
+
+ if($this->id > 0) {
+ //* we are editing a existing record
+ $app->tpl->setVar("edit_disabled", 1);
+ $app->tpl->setVar("server_id_value", $this->dataRecord["server_id"]);
+ } else {
+ $app->tpl->setVar("edit_disabled", 0);
}
parent::onShowEnd();
@@ -99,58 +130,128 @@
function onSubmit() {
global $app, $conf;
- // Get the limits of the client
- $client_group_id = $_SESSION["s"]["user"]["default_group"];
- $client = $app->db->queryOneRecord("SELECT limit_dns_zone, default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
-
- // When the record is updated
- if($this->id > 0) {
- // restore the server ID if the user is not admin and record is edited
- $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_soa WHERE id = ".intval($this->id));
- $this->dataRecord["server_id"] = $tmp["server_id"];
- unset($tmp);
- // When the record is inserted
- } else {
- // set the server ID to the default mailserver of the client
- $this->dataRecord["server_id"] = $client["default_dnsserver"];
+ if($_SESSION["s"]["user"]["typ"] != 'admin') {
+ // Get the limits of the client
+ $client_group_id = $_SESSION["s"]["user"]["default_group"];
+ $client = $app->db->queryOneRecord("SELECT limit_dns_zone, default_dnsserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+
+ // When the record is updated
+ if($this->id > 0) {
+ // restore the server ID if the user is not admin and record is edited
+ $tmp = $app->db->queryOneRecord("SELECT server_id FROM dns_soa WHERE id = ".intval($this->id));
+ $this->dataRecord["server_id"] = $tmp["server_id"];
+ unset($tmp);
+ // When the record is inserted
+ } else {
+ // set the server ID to the default dnsserver of the client
+ $this->dataRecord["server_id"] = $client["default_dnsserver"];
- // Check if the user may add another maildomain.
- if($client["limit_dns_zone"] >= 0) {
- $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE sys_groupid = $client_group_id");
- if($tmp["number"] >= $client["limit_dns_zone"]) {
- $app->error($app->tform->wordbook["limit_dns_zone_txt"]);
+ // Check if the user may add another maildomain.
+ if($client["limit_dns_zone"] >= 0) {
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_soa WHERE sys_groupid = $client_group_id");
+ if($tmp["number"] >= $client["limit_dns_zone"]) {
+ $app->error($app->tform->wordbook["limit_dns_zone_txt"]);
+ }
}
}
}
- // Set the serial
- $this->dataRecord["serial"] = time();
+ /*
+ // Update the serial number of the SOA record
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$this->id);
+ $this->dataRecord["serial"] = $app->validate_dns->increase_serial($soa["serial"]);
+ */
+
+ //* Check if soa, ns and mbox have a dot at the end
+ if(strlen($this->dataRecord["origin"]) > 0 && substr($this->dataRecord["origin"],-1,1) != '.') $this->dataRecord["origin"] .= '.';
+ if(strlen($this->dataRecord["ns"]) > 0 && substr($this->dataRecord["ns"],-1,1) != '.') $this->dataRecord["ns"] .= '.';
+ if(strlen($this->dataRecord["mbox"]) > 0 && substr($this->dataRecord["mbox"],-1,1) != '.') $this->dataRecord["mbox"] .= '.';
+
+ //* Replace @ in mbox
+ if(stristr($this->dataRecord["mbox"],'@')) {
+ $this->dataRecord["mbox"] = str_replace('@','.',$this->dataRecord["mbox"]);
+ }
+
+ //* Check if a secondary zone with the same name already exists
+ $tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_slave WHERE origin = \"".$this->dataRecord["origin"]."\" AND server_id = \"".$this->dataRecord["server_id"]."\"");
+ if($tmp["number"] > 0) {
+ $app->error($app->tform->wordbook["origin_error_unique"]);
+ }
+
parent::onSubmit();
}
function onAfterInsert() {
global $app, $conf;
- // make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
+ // make sure that the record belongs to the client group and not the admin group when a dmin inserts it
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
$client_group_id = intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id WHERE id = ".$this->id);
+ $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE id = ".$this->id);
// And we want to update all rr records too, that belong to this record
$app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$this->id);
+ }
+ if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
+ $client_group_id = intval($this->dataRecord["client_group_id"]);
+ $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE id = ".$this->id);
+ // And we want to update all rr records too, that belong to this record
+ $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$this->id);
+ }
+
+ }
+
+ function onBeforeUpdate () {
+ global $app, $conf;
+
+ //* Check if the server has been changed
+ // We do this only for the admin or reseller users, as normal clients can not change the server ID anyway
+ if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
+ //* We do not allow users to change a domain which has been created by the admin
+ $rec = $app->db->queryOneRecord("SELECT origin from dns_soa WHERE id = ".$this->id);
+ if(isset($this->dataRecord["origin"]) && $rec['origin'] != $this->dataRecord["origin"] && $app->tform->checkPerm($this->id,'u')) {
+ //* Add a error message and switch back to old server
+ $app->tform->errorMessage .= $app->lng('The Zone (soa) can not be changed. Please ask your Administrator if you want to change the Zone name.');
+ $this->dataRecord["origin"] = $rec['origin'];
+ }
+ unset($rec);
}
}
function onAfterUpdate() {
global $app, $conf;
- // make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
+ $tmp = $app->db->diffrec($this->oldDataRecord,$app->tform->getDataRecord($this->id));
+ if($tmp['diff_num'] > 0) {
+ // Update the serial number of the SOA record
+ $soa = $app->db->queryOneRecord("SELECT serial FROM dns_soa WHERE id = ".$this->id);
+ $app->db->query("UPDATE dns_soa SET serial = '".$app->validate_dns->increase_serial($soa["serial"])."' WHERE id = ".$this->id);
+ }
+
+ // make sure that the record belongs to the client group and not the admin group when a dmin inserts it
if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($this->dataRecord["client_group_id"])) {
$client_group_id = intval($this->dataRecord["client_group_id"]);
- $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id WHERE id = ".$this->id);
+ $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE id = ".$this->id);
// And we want to update all rr records too, that belong to this record
$app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$this->id);
}
+ if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($this->dataRecord["client_group_id"])) {
+ $client_group_id = intval($this->dataRecord["client_group_id"]);
+ $app->db->query("UPDATE dns_soa SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE id = ".$this->id);
+ // And we want to update all rr records too, that belong to this record
+ $app->db->query("UPDATE dns_rr SET sys_groupid = $client_group_id WHERE zone = ".$this->id);
+ }
+
+ //** When the client group has changed, change also the owner of the record if the owner is not the admin user
+ if($this->oldDataRecord["client_group_id"] != $this->dataRecord["client_group_id"] && $this->dataRecord["sys_userid"] != 1) {
+ $client_group_id = intval($this->dataRecord["client_group_id"]);
+ $tmp = $app->db->queryOneREcord("SELECT userid FROM sys_user WHERE default_group = ".$client_group_id);
+ if($tmp["userid"] > 0) {
+ $app->db->query("UPDATE dns_soa SET sys_userid = ".$tmp["userid"]." WHERE id = ".$this->id);
+ $app->db->query("UPDATE dns_rr SET sys_userid = ".$tmp["userid"]." WHERE zone = ".$this->id);
+ }
+ }
+
}
}
@@ -158,4 +259,4 @@
$page = new page_action;
$page->onLoad();
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1